{"id":1286,"date":"2015-07-10T09:28:43","date_gmt":"2015-07-10T07:28:43","guid":{"rendered":"http:\/\/www.satinfo.es\/noticies\/?p=1286"},"modified":"2015-07-10T09:28:55","modified_gmt":"2015-07-10T07:28:55","slug":"registro-de-proteccion-de-acceso-de-virusscan-muestra-entradas-relacionadas-con-mcdatrep-exe","status":"publish","type":"post","link":"https:\/\/www.satinfo.es\/noticies\/2015\/registro-de-proteccion-de-acceso-de-virusscan-muestra-entradas-relacionadas-con-mcdatrep-exe\/","title":{"rendered":"Registro de Protecci\u00f3n de Acceso de VirusScan muestra entradas relacionadas con McDatRep.exe"},"content":{"rendered":"

Desde hace unos pocos d\u00edas varios clientes han comenzado a ver entradas del registro de protecci\u00f3n de acceso en el servidor ePO relacionadas con el archivo mcdatrep.exe. A continuaci\u00f3n detallamos las dos casu\u00edsticas y la explicaci\u00f3n ofrecida por McAfee al respecto.<\/span><\/p>\n

CASO 1<\/span><\/b><\/u><\/span><\/span>:<\/b><\/span><\/span>
\n<\/b><\/span><\/span>Se registra el evento <\/span><\/span>1092<\/b><\/span><\/span> en el visor de sucesos de Windows:<\/span><\/span><\/span><\/p>\n

Descripci\u00f3n del Evento:<\/b> Access Protection rule violation detected and blocked Computer name:<\/i>{<\/i>Name<\/i>}<\/i> IP address:<\/i>{<\/i>IPaddress<\/i>} <\/i>User name: NT AUTHORITY\\SYSTEM<\/i><\/span><\/span><\/span><\/p>\n

Archivo<\/b>:<\/b> C:\\Program Files\\Common Files\\McAfee\\DATReputation\\mcdatrep.exe<\/i><\/span><\/span><\/span><\/p>\n

Nombre de la Amenaza<\/b>:<\/b> McAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settings Threat category: ‘File’ class or access Threat type: access protection Action taken: deny terminate<\/i><\/p>\n

Proceso de Origen: C:\\Windows\\system32\\CCM\\CcmExec.exe<\/i><\/p>\n

CASO 2<\/u>:
\n<\/span><\/b><\/span><\/span>Se muestra un mensaje similar al indicado a continuaci\u00f3n en el registro de Protecci\u00f3n de Acceso de VSE:
\n<\/span><\/span><\/span>
\nBlocked by Access Protection rule NT AUTHORITY\\SYSTEM C:\\WINDOWS\\CCM\\CCMEXEC.EXE C:\\PROGRAM FILES (X86)\\COMMON FILES\\MCAFEE\\DATREPUTATION\\MCDATREP.EXE
\nMcAfee DAT Reputation:Prevent modification of McAfee DAT Reputation files and settings Action blocked : Terminate<\/i><\/span><\/span><\/span><\/p>\n

CAMBIOS EN EL SISTEMA<\/b><\/u><\/span>:<\/b><\/span>
\nEstos mensajes empiezan a aparecer tras la actualizaci\u00f3n de DAT Reputation a la versi\u00f3n V1.0.3.<\/span><\/span><\/span><\/p>\n

<\/h3>\n

SOLUCI\u00d3N<\/span><\/b><\/u><\/span>:<\/b><\/span>
\nMcAfee indica que se puede ignorar este mensaje ya que no afecta <\/span>a <\/span>ninguna funcionalidad del producto.<\/span><\/span><\/span><\/p>\n

Nota<\/i><\/b><\/u>: <\/b><\/i>Para obtener m\u00e1s informaci\u00f3n sobre las funcionalidades de DAT Reputation puede consultar el <\/span>KB55986<\/a><\/b><\/u><\/span><\/span><\/p>\n

SATINFO<\/span><\/span><\/span>, <\/span><\/span>SERVICIO DE ASISTENCIA T\u00c9CNICA INFORMATICA<\/span><\/span> 10<\/span><\/span> de <\/span><\/span>Julio<\/span><\/span> de 201<\/span><\/span>5<\/span><\/span><\/b><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Desde hace unos pocos d\u00edas varios clientes han comenzado a ver entradas del registro de protecci\u00f3n de acceso en el servidor ePO relacionadas con el archivo mcdatrep.exe. A continuaci\u00f3n detallamos las dos casu\u00edsticas y la explicaci\u00f3n ofrecida por McAfee al respecto. CASO 1: Se registra el evento 1092 en el visor de sucesos de Windows: […]<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[655,891,892],"tags":[754,753,752,89],"class_list":["post-1286","post","type-post","status-publish","format-standard","hentry","category-655","category-otros","category-todos","tag-mcafee-dat-reputationprevent-modification-of-mcafee-dat-reputation","tag-mcdatrep-exe","tag-proteccion-de-acceso","tag-virusscan","category-655-id","category-891-id","category-892-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts\/1286","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/comments?post=1286"}],"version-history":[{"count":0,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/posts\/1286\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/media?parent=1286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/categories?post=1286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.satinfo.es\/noticies\/wp-json\/wp\/v2\/tags?post=1286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}