What is the meaning of the various status values reported by the Symantec Central Quarantine server?
|Article:TECH99147|||||Created: 2001-01-02|||||Updated: 2004-01-03|||||Article URL http://www.symantec.com/docs/TECH99147|
You want to know the meaning of the different status values reported through the Symantec Central Quarantine server.
The following table provides a short definition of the various status values (IcePack tokens) reported through the Symantec Central Quarantine server.
|quarantined||This sample has been received by Central Quarantine.||Time In State|
|submitted||This sample has been submitted for analysis.||Time In State|
|held||This sample is held for submission to the analysis center||Y||Requires manual submission.|
|released||This sample will be submitted to the analysis center.||Time In State|
|unneeded||New definitions are not needed on this sample's originator||Final state|
|needed||New definitions are needed for this sample.||Time In State|
|available||New definitions are held for delivery to this sample's originator.||Time In State||Requires manual delivery.|
|distribute||New definitions will be delivered to this sample's originator||Time In State|
|distributed||New definitions have been delivered to this sample's originator.||Time In State|
|installed||New definitions have been installed on this sample's originator.||Final state|
|attention||Contact Symantec technical support for assistance with this sample||Y||Final state|
|misfired||This sample is detected as not infected when rescanned||Time In State||update the definitions on the submitting client machine|
|error||An error occurred while processing this sample||Y||Final state|
|notinstalled||Definitions could not be delivered to this sample's originator.||Y|
|restart||This sample will be restarted.|
|unsubmitable||This sample cannot be submitted for analysis||This message may result from an attempt to submit a known sample. There is no corrective action, as there is no need to report an already known virus.|
Here is an example of what can be reported through the Symantec Central Quarantine server.
Last Alert: Sat, 24 Feb 2001 00:46:21 GMT
Event Name: Sample: too long with Distributed status
distributed: New definitions have been delivered to this sample's
The "Sample: too long with Distributed status" means new definitions have arrived from the gateway, but confirmation that they were installed on the client has not yet been received. The default timeout for this process is 60 minutes.
Article URL http://www.symantec.com/docs/TECH99147