Action
Description
Access denied
Auto-Protect prevented a file from being created.
Action failed
Symantec AntiVirus was unable to perform the action.
Attachment stripped
Symantec AntiVirus removed an attachment that contained a risk from an email message.
Bad
Symantec AntiVirus could not take action on a file because the file is write-protected or because the SYSTEM account lacks write permissions to the file.
Cleaned
Symantec AntiVirus cleaned a virus from the computer.
Cleaned by deletion
Symantec AntiVirus cleaned a virus from the computer. The action configured was "clean," but a file
was deleted because that was the only way it could be cleaned.
For example, this is generally true of Trojan horse programs.
Cleaned or macros deleted
Symantec AntiVirus cleaned a macro virus from a file either by deletion or some other means. This applies only to events received from computers that run Symantec AntiVirus 8.x or earlier.
Deleted
Symantec AntiVirus deleted an object, such as a file or registry key, to remove a risk.
Details pending
Details are not yet available about this action.
Excluded
A user chose to exclude a security risk from detection. This can occur, for example, when a user is prompted for permission to terminate a process.
Firewall violation
Symantec Client Firewall blocked traffic that constituted a firewall violation.
IPS block
Symantec Client Firewall's Intrusion Prevention protection technology blocked a suspicious behavior.
Left alone
Symantec AntiVirus detected a risk but did not take action.
This can occur if the first configured action is Leave alone or if the second configured action was Leave alone and the first configured action was not successful. This may mean that a risk is active on the endpoint.
Partial
Partially repaired
Symantec AntiVirus could not completely repair the effects of a virus or security risk. This status appears when the second action is set to "Leave Alone," and Symantec AntiVirus could not complete all remediation actions.
Pending repair
A user still needs to take action to complete the remediation of a risk on a computer.
This may occur, for example, if a user hasn’t responded to a prompt to terminate a process.
Quarantined
Symantec AntiVirus quarantined a file.
Reboot pending
The user must restart the computer so that Symantec AntiVirus can complete the configured action.
Reboot processing
Symantec AntiVirus detected a threat that requires a restart for full remediation. Symantec AntiVirus is taking the needed steps to prepare for a restart. When complete, the status changes to "Reboot pending."
Suspicious
Symantec AntiVirus detected and remediated a suspicious event, but details about the actions that
were taken are not available.
This action typically applies to computers that run legacy software. One example is the case where an Internet browser creates a temporary file that contains maliciouEXs data. Auto-Protect scans this data and prevents it from being written to the computer. The event retains the name of the temporary
file, but the file is never actually created, so it cannot be located on the computer.