After running McAfee ePolicy Orchestrator 5.1.0 report for our DB (SQL Server 2008R2) got a bunch of items of the next view:
The stored procedure xp_xxx is enabled. It is recommended to drop it if not needed.
We've checked and all these xp_xxx SPs are belongs to sys. Tried next thing:
EXEC sys.xp_sqlagent_is_starting
Result:
Msg 22024, Level 16, State 1, Line 0 Usage: EXECUTE xp_sqlagent_is_starting <Flag INT> OUTPUT
So such SP present. Then tried:
exec sp_dropextendedproc xp_sqlagent_is_starting
AND
DROP PROCEDURE xp_sqlagent_is_starting
Result:
Msg 3701, Level 16, State 15, Procedure sp_dropextendedproc, Line 18 Cannot drop the procedure 'xp_sqlagent_is_starting', because it does not exist or you do not have permission.
AND
Msg 3701, Level 11, State 5, Line 1 Cannot drop the procedure 'xp_sqlagent_is_starting', because it does not exist or you do not have permission.
All attemps under 'sa' user. It's obvious for me that there is no way to drop them and frankly speaking I don't see security issues in them. But the report should be clean :( The question is:
Or maybe to HIDE them for the user/role under which McAfee ePolicy Orchestrator 5.1.0 is running its scan?
I need to remove that messages from the security report. Thanks.
You cannot drop system extended procedures. Don't try to drop them, just take away execute permission for everyone:
DENY EXECUTE ON xp_xxx TO PUBLIC;
Other XPs can be dropped, but may break your applications if they're used.