Endpoint Protection

 View Only

  • 1.  12.1 - Old data causing new alerts

    Posted Jan 24, 2012 10:45 AM

    I have 1 client (12.1) causing some problems for me, for the last few weeks I have routinely gotten alerts about events months or years past.

    Here's the most recent alert:

    Risk name: (Unknown)
    File path: Cookie:username@statse.webtrendslive.com\
    Event time: Aug 5, 2011 9:16:30 AM
    Database insert time: Jan 24, 2012 10:15:31 AM
    Source: Heuristic Scan
    Description: ""
    User: username
    Computer: computername
    IP Address: x.x.x.x
    Domain: Default
    Server: Servername
    Client Group: My Company\Corporate
    Action taken on risk: Details pending
    This alarm was generated at Jan 24, 2012 11:18:02 AM (Reporter host Time).
    This alarm was generated by bsalyer, with the following filters:
    Domain: %
    Group: %
    Server: %
    Computer: %
    Risk name: %


    I've swept logs on the SEPM, I've reinstalled the client, and I've recreated the notification alert on the SEPM.  Any suggestions?



  • 2.  RE: 12.1 - Old data causing new alerts

    Posted Jan 24, 2012 11:31 AM

    once you recreate the notifications and restart sepm services. they should not show up.



  • 3.  RE: 12.1 - Old data causing new alerts

    Trusted Advisor
    Posted Jan 25, 2012 06:39 AM

    Hello,

    I agree with Rafeeq.

    Could you try deleting the Notification and recreating the same notification again.

    Hope that helps!!