Hi northern light,

I would recommend starting in the knowledge base and/or the top 25 articles section of these boards (SEP), which outline many common issues people have along with solutions to resolve them.  The KB is a search utility that pulls from a variety of documents to help you find what you may need.

http://www.symantec.com/business/support/overview.jsp?pid=54619 (KB)

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008070715030248 (top 25)

Best,

Eric

If you clear the log files from the SEPM server, you should no longer receive the messages.  To do so, follwo this thread:

https://forums.symantec.com/syment/board/message?board.id=endpoint_protection11&message.id=23835#M23835

I followed this to clear the Home Page (Dashboard) and it also eliminated my pop-ups.

Hi,

I've read a lot of articles in KB, forums, Top Articles and gone thorough through several pdf guide's but have not found any solution to this problem. I've also tried to clear the log files as mentioned by Jason1222, with no success.

As said my clients are Windows servers running SEP MR3 but now I also have a lot of them on MR4 with the same problem.

I've done this on the SEPM server:

In the Client Install Feature Set I'm using, ONLY the Antivirus and Antispyware Protection is enabled.
So Network Threat Protection and Proactive Threat Protection is not selected.

On the Antivirus and Antispyware Policy page I've done the following:

I've disabled and locked both "Display a notification message on the infected computer" and "Display the Auto-Protect results dialog on the infected computer", on the File System Auto-Protect Notifications tab.

Auto-Protect for Internet Email, Microsoft Exchange, or Lotus Notes are disabled and also the "Display a notification message on the infected computer" on the Notifications tab for them.

TruScan Proactive Threat Scans is not supported on the client computers that run Windows server operating systems or Windows XP 64-bit operating systems so that's disabled and also the Notifications for that, and as mentioned above about my Client Install Feature Set, TruScan Proactive Threat Scan is not enabled.

In Miscellaneous "Disable Windows Security Center" is set to Never and "Display antivirus alerts within Windows Security Center" is disabled. On the Notifications tab all three notifications are disabled.

As far as I can see this problem must be due to a bug in SEP, but any constructive suggestions to anything I might have missed will be highly appreciated.

NL

Nobody with knowledge about this problem??

I have only recently decided to try and get rid of the messages after several clients keep getting various Vundo, Antivirus2009, and AV360 infections. On one hand it is sort of burying one's head in the sand, but it's generating calls so often I don't have time to fix anything.

Anything with a notification tab has its options unchecked. I'll try to let you know how that's working out.

SEP 11.0.4.2295

Can you afford to disable the smcgui?

If you prevent SmcGui from loading, the following functionality is disabled:

• No SEP icon on the system tray
• No ability to open the system logs from the client GUI
• No ability to see the firewall or SNAC status from the GUI (most customers will not install a firewall on their Terminal Server)
• No startup scans
• No delayed threat detection notifications
• No missing or out of date definition notifications

Reference : http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/43316a227377bbe58825745d007d3678?OpenDocument

Hi everyone,

I have the same issue, we are using SEP MR4 MP2. Any update???

I have a question, it is suppossed that all displayed messages are logged somewhere ...i have been looking in SEP logs but i cannot find were is stored this message log.. any idea???

Regards,
NTC

I have a customer who was getting this with MR2, I have recently upgraded all clients to MR4 MP2 and we still get the POPUP, has anyone got an answer please, I have logged a support call and still cannot get it fixed.

Regards

Maddison

If not, I hope it gets some attention in MR5

You can always hope but I'm afraid you'll be disappointed. Just take a look at the "tremendous attention" from Symantec in this case.

MU5 Release Notes Excerpt:

 Unable to disable the "Threats were detected while you were logged out" message

Fix ID: 1542336
Symptom: With all notifications disabled, if a virus is discovered as part of a scheduled scan while the user is logged out, the user is notified that threats were discovered when the user logs in.
Solution: Added an option to toggle the client-side notification of the message.