Hi Dojo,
assuming the BPA to detect Antivirus DLLs has failed due to incorrect antivirus exceptions, should the result be "OK", after the antivirus exception are corrected?
Do we know, if the BPA provides its result based the result of
- a scan on the process, that may have occurred someday in the past on this host?
- a scan on the process since it was last started?
- only recent scans on the process (e.g. executed in the last 24 hours)?
In other words, how can we exclude, that the BPA provides a result, that does not match the current antivirus configuration and may show an outdated status?
Many thanks!
Hi André,
The antivirus BPA is by default being executed once every day as explained here.
In System Center, on the Agents > BPA tab page, you can change the interval at which every test should be executed.
On that page you can also manually trigger the check, after correcting the detected problems. This allows you to check if everything is correct now, without waiting for the next scheduled run.
Hi Tom,
many thanks for your feedback. I am aware of the handling and possibilities of BPAs and thus know these options already.
I was observing, that the BPA shows the same result even after the cause should be resolved. In my case a dll of McAfee Trellix was detected. I did some further reseach on that topic and found some hints in the Trellix Knowledge Base: https://kcm.trellix.com/corporate/index?page=content&id=KB95181&locale=en_US
It seems, that processes need to be restarted to clean the Trellix dll. In case of DataMiner for vital processes this requires a restart of the agents, which we may test in the next days. I'll share my findings here afterwards.