PROBLEM
During normal use of ArcGIS Enterprise components Portal for ArcGIS and ArcGIS Data Store, administrators may notice informational warnings generated by McAfee Endpoint Security.
Those warnings will appear similar to this:
In response vulnerabilities that surfaced in late 2021 related to Log4J, McAfee updated its product coverage to include a new Expert Rule named "JNDI Log4J Exploit".
McAfee's approach is documented here: Log4J and The Memory That Knew Too Much
This rule is triggered when McAfee Endpoint Security detects potentially malicious activity that exhibit behaviors similar to what may be seen when the Log4J vulnerability CVE-2021-44228 is exploited.
See also:
McAfee Enterprise coverage for Apache Log4j CVE-2021-44228 Remote Code Execution
Administrators and users may notice these warnings even if Esri's Log4J patches have been applied.
The behavior flagged is expected and the warning is informational.
Portal for ArcGIS and ArcGIS Datastore call PG_ISREADY and whoami on Windows by opening the Windows Command interpreter (CMD.exe) via a Java process. Both PG_ISREADY and whoami are command line tools.
Article ID: 000028041
Get help from ArcGIS experts
Download the Esri Support App