Video Screencast Help

How do I disable popup message on clients?

Created: 20 Jan 2009 • Updated: 21 May 2010 | 11 comments
northern light's picture

I'm running SEP MR3 and clients (Windows servers) are receiving the following unwanted message when SEP has found a risk:

"Symantec Endpoint Protection detected risks while you were logged out. You may need to open the Antivirus and Antispyware Protection Risk Log to view and take action on the risks."

When I check the Risk log on the clients receiving this message there are risk detections listed and they are cleaned or quarantined. In the antivirus and antispyware policy I have turned off the notification (unchecked both Display a notification message on the infected computer and Display the Auto-Protect results dialog on the infected computer) because I don't want end users seeing the message, specially when they are handled as expected.

Does anyone know how to suppress that message?

Comments 11 CommentsJump to latest comment

Hear4U's picture

Hi northern light,

I would recommend starting in the knowledge base and/or the top 25 articles section of these boards (SEP), which outline many common issues people have along with solutions to resolve them.  The KB is a search utility that pulls from a variety of documents to help you find what you may need. (KB) (top 25)



check out the community at

Jason1222's picture

If you clear the log files from the SEPM server, you should no longer receive the messages.  To do so, follwo this thread:


I followed this to clear the Home Page (Dashboard) and it also eliminated my pop-ups.

northern light's picture



I've read a lot of articles in KB, forums, Top Articles and gone thorough through several pdf guide's but have not found any solution to this problem. I've also tried to clear the log files as mentioned by Jason1222, with no success.


As said my clients are Windows servers running SEP MR3 but now I also have a lot of them on MR4 with the same problem.


I've done this on the SEPM server:

In the Client Install Feature Set I'm using, ONLY the Antivirus and Antispyware Protection is enabled.
So Network Threat Protection and Proactive Threat Protection is not selected.


On the Antivirus and Antispyware Policy page I've done the following:

I've disabled and locked both "Display a notification message on the infected computer" and "Display the Auto-Protect results dialog on the infected computer", on the File System Auto-Protect Notifications tab.


Auto-Protect for Internet Email, Microsoft Exchange, or Lotus Notes are disabled and also the "Display a notification message on the infected computer" on the Notifications tab for them.


TruScan Proactive Threat Scans is not supported on the client computers that run Windows server operating systems or Windows XP 64-bit operating systems so that's disabled and also the Notifications for that, and as mentioned above about my Client Install Feature Set, TruScan Proactive Threat Scan is not enabled.


In Miscellaneous "Disable Windows Security Center" is set to Never and "Display antivirus alerts within Windows Security Center" is disabled. On the Notifications tab all three notifications are disabled.



As far as I can see this problem must be due to a bug in SEP, but any constructive suggestions to anything I might have missed will be highly appreciated.




northern light's picture

Nobody with knowledge about this problem??

DaMoo's picture

I have only recently decided to try and get rid of the messages after several clients keep getting various Vundo, Antivirus2009, and AV360 infections. On one hand it is sort of burying one's head in the sand, but it's generating calls so often I don't have time to fix anything.


Anything with a notification tab has its options unchecked. I'll try to let you know how that's working out.



S1l3nc3 pl3as3's picture

Can you afford to disable the smcgui?


If you prevent SmcGui from loading, the following functionality is disabled:

  • No SEP icon on the system tray
  • No ability to open the system logs from the client GUI
  • No ability to see the firewall or SNAC status from the GUI (most customers will not install a firewall on their Terminal Server)
  • No startup scans
  • No delayed threat detection notifications
  • No missing or out of date definition notifications


Reference :


NTC's picture

Hi everyone,

I have the same issue, we are using SEP MR4 MP2. Any update???

I have a question, it is suppossed that all displayed messages are logged somewhere ...i have been looking in SEP logs but i cannot find were is stored this message log.. any idea???


Maddison's picture

I have a customer who was getting this with MR2, I have recently upgraded all clients to MR4 MP2 and we still get the POPUP, has anyone got an answer please, I have logged a support call and still cannot get it fixed.



Rule Breaker's picture

If not, I hope it gets some attention in MR5

The quieter you become, the more you are able to hear!

northern light's picture

You can always hope but I'm afraid you'll be disappointed. Just take a look at the "tremendous attention" from Symantec in this case.

africo's picture

MU5 Release Notes Excerpt:

 Unable to disable the "Threats were detected while you were logged out" message

    Fix ID: 1542336
    Symptom: With all notifications disabled, if a virus is discovered as part of a scheduled scan while the user is logged out, the user is notified that threats were discovered when the user logs in.
    Solution: Added an option to toggle the client-side notification of the message.