cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
BKS_Nesrine
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 1 of 4
‎12-08-2019 06:04 AM

Classe ou accès 'Registre' event ID 1092

Jump to solution

HI,

I Have the message event below '''AUTORITE NT\Système a exécuté C:\Program Files\McAfee\WebAdvisor\updater.exe, qui tentait d'accéder à HKLM\SOFTWARE\GOOGLE\CHROME\ d'une manière contraire à la règle « Contrôle Web - Clés et valeurs du registre du plug-in Protect », et a été bloqué. 

Nom de la menace : Web Control protect plug-in registry keys and values

Gravité de la menace: Critique 

type de la menace ; autoprotection 

ID de la menace 1092

Fichier Source: C:\Program Files\McAfee\WebAdvisor

Thanks in advence 

 

 

 

0 Kudos
Reply
2 Solutions

Accepted Solutions
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 2 of 4
‎12-09-2019 01:58 AM

Re: Classe ou accès 'Registre' event ID 1092

Jump to solution

Hi @BKS_Nesrine,

Thank you for your post! This is an interesting catch! Looking into the event, We see McAfee WebAdvisor present on the machine: https://chrome.google.com/webstore/detail/mcafee%C2%AE-webadvisor/fheoggkfdfchfphceeifdbepaooicaho which uses similar components as McAfee Web Control, however this is not an enterprise/Business user product. This is a Home user product from McAfee

So, My guess here is that you have ENS installed on the machine that is protecting access of updater.exe to locations where web control would be present. This is based on the below line:

Nom de la menace : Web Control protect plug-in registry keys and values

Please note that Web Control is an Enterprise product that is usually a part of Endpoint Security. If The above statement of using ENS with Web Advisor is true on the PC under question, I can confirm that this is expected behavior and would recommend removing WebAdvisor and using McAfee Endpoint Security Web Control instead!

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

0 Kudos
Reply
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎12-09-2019 02:28 AM

Re: Classe ou accès 'Registre' event ID 1092

Jump to solution

Hi @BKS_Nesrine,

Glad I could be of some help here! By the way, Glad to see you active here and to meet again. Hopefully this resolves your query! Have a nice day ahead and Kudos to you for keeping us updated!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

0 Kudos
Reply
3 Replies
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 2 of 4
‎12-09-2019 01:58 AM

Re: Classe ou accès 'Registre' event ID 1092

Jump to solution

Hi @BKS_Nesrine,

Thank you for your post! This is an interesting catch! Looking into the event, We see McAfee WebAdvisor present on the machine: https://chrome.google.com/webstore/detail/mcafee%C2%AE-webadvisor/fheoggkfdfchfphceeifdbepaooicaho which uses similar components as McAfee Web Control, however this is not an enterprise/Business user product. This is a Home user product from McAfee

So, My guess here is that you have ENS installed on the machine that is protecting access of updater.exe to locations where web control would be present. This is based on the below line:

Nom de la menace : Web Control protect plug-in registry keys and values

Please note that Web Control is an Enterprise product that is usually a part of Endpoint Security. If The above statement of using ENS with Web Advisor is true on the PC under question, I can confirm that this is expected behavior and would recommend removing WebAdvisor and using McAfee Endpoint Security Web Control instead!

I sincerely hope this helps!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
BKS_Nesrine
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 4
‎12-09-2019 02:24 AM

Re: Classe ou accès 'Registre' event ID 1092

Jump to solution
HI,
Thank you for your answer , it was helpful, i will try to uninstall WebAdvisor.
😉

Reply
AdithyanT
Employee
Employee
Report Inappropriate Content
Message 4 of 4
‎12-09-2019 02:28 AM

Re: Classe ou accès 'Registre' event ID 1092

Jump to solution

Hi @BKS_Nesrine,

Glad I could be of some help here! By the way, Glad to see you active here and to meet again. Hopefully this resolves your query! Have a nice day ahead and Kudos to you for keeping us updated!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC