
Generate Windows Event for virus definitions

Created: 08 Apr 2014 • Updated: 08 Apr 2014 | 12 comments

Hi guys,

We have SEPM12.

Looking at this link:
http://www.symantec.com/business/support/index?pag...

SEPM will generate Windows Events for several situations.

We would like to know if it can generate a System Event for when the definitions reach a certain age:

I noticed this line in the link:

Definitions Unprotected | 40 | GL_EVENT_BAD_DEFS_UNPROTECTED | Occurs when a computer is not protected with definitions.

Can someone explain the following:

1. When is this System Event (40) triggered?

2. As mentioned earlier, is there a way to generate a Windows Event when the virus definition reaches a certain age?

Thank you so much,

Vic


Rafeeq's picture

That's to notify when virus defs are out of date, a warning message.

On a test machine, set this value to a lower value and you should see this event.

Endpoint Protection client warning: "Old Virus Definition File"

http://www.symantec.com/business/support/index?pag...

quickvic's picture

Hi Rafeeq,

We don't need a pop-up on the client machine, we need a Windows Event.

Is there a way to generate a Windows Event (SYSTEM or APPLICATION event) when the virus definition reaches a certain age?

ᗺrian's picture

Those are written automatically; there is no option to configure specific ones.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

quickvic's picture

Hi Brian,

Are you saying there is no way to generate a Windows Event (SYSTEM or APPLICATION event) when the virus definition reaches a certain age?

ᗺrian's picture

To my knowledge, there is nothing that can be manually configured. It's auto-generated to the event log. I don't think there is anything specific to old virus defs.

There are reports and alerts from within the SEPM that can be set up for this.


Rafeeq's picture

It will generate events when defs are out of date. Out of date defs are defined in the policy page.

I think it's only then that these events are created. I have not tested it myself, though. Please give it a try if you have a test box.

quickvic's picture

I have a test box and I have applied the setting in the link you provided.

The client gets a notification pop-up that the defs are out of date, but no system events are produced on the SEPM server or the client computer :(

ᗺrian's picture

Then it's unlikely you will get it to show in the Windows event log.


Rafeeq's picture

He was right then, we may need to look into existing reports :(

quickvic's picture

Thank you guys anyway for the quick help, much appreciated.

Maybe we can generate an email that generates an event :P

ᗺrian's picture

You can set up alerts to be mailed from the Monitors >> Notifications section.


Mick2009's picture

Hi quickvic,

That's a very serious event.  That means that the definitions are missing, corrupt, or could not be loaded.  When you see that Event ID, SEP is not protecting your computer.

A reboot often fixes the issue.  If not, run LiveUpdate (and ensure it succeeds) to get new definitions onto the machine.  Then reboot!

Hope this helps!

Mick

With thanks and best regards,

Mick