What is the meaning of the various status values reported by the Symantec Central Quarantine server?

Article:TECH99147  |  Created: 2001-01-02  |  Updated: 2004-01-03  |  Article URL http://www.symantec.com/docs/TECH99147
Article Type
Technical Solution


Environment

Issue



You want to know the meaning of the different status values reported through the Symantec Central Quarantine server.


Solution



The following table provides a short definition of the various status values (IcePack tokens) reported through the Symantec Central Quarantine server.

IcePack tokenDefinitionAlertableComments
quarantinedThis sample has been received by Central Quarantine.Time In State
submittedThis sample has been submitted for analysis.Time In State
heldThis sample is held for submission to the analysis centerYRequires manual submission.
releasedThis sample will be submitted to the analysis center.Time In State
unneededNew definitions are not needed on this sample's originatorFinal state
neededNew definitions are needed for this sample.Time In State
availableNew definitions are held for delivery to this sample's originator.Time In StateRequires manual delivery.
distributeNew definitions will be delivered to this sample's originatorTime In State
distributedNew definitions have been delivered to this sample's originator.Time In State
installedNew definitions have been installed on this sample's originator.Final state
attentionContact Symantec technical support for assistance with this sampleYFinal state
misfiredThis sample is detected as not infected when rescannedTime In Stateupdate the definitions on the submitting client machine
errorAn error occurred while processing this sampleYFinal state
notinstalledDefinitions could not be delivered to this sample's originator.Y
restartThis sample will be restarted.
unsubmitableThis sample cannot be submitted for analysisThis message may result from an attempt to submit a known sample. There is no corrective action, as there is no need to report an already known virus.

Here is an example of what can be reported through the Symantec Central Quarantine server.

Last Alert: Sat, 24 Feb 2001 00:46:21 GMT
Event Name: Sample: too long with Distributed status
distributed: New definitions have been delivered to this sample's
originator.


The "Sample: too long with Distributed status" means new definitions have arrived from the gateway, but confirmation that they were installed on the client has not yet been received. The default timeout for this process is 60 minutes.





Legacy ID



2001020210163848


Article URL http://www.symantec.com/docs/TECH99147


Terms of use for this information are found in Legal Notices