
HOW-TO: Write AV events to Windows Logs

Created: 10 Apr 2013 • Updated: 16 Apr 2013 | 4 comments
This issue has been solved. See solution.

Our SEPMs run SEP 12 RU2. How do I write AV events to Windows Logs so that users can see these events in Event Viewer?

So far, all the AV events are written to the SQL database.


Thank you.


_Brian's picture

There should be an event log for SEP already there. Is it not there?

It also may write to the Application log.

RSASKA's picture



I understand that SEPM writes to Event Viewer > Application events such as "Scan Started" and "New virus definition file loaded.", but what about AV events such as a virus has been found on Computer Name, IP address?

How to configure this in SEPM?

The Enemy's greatest fear is that you'll discover who you really are, what you're really worth, and where you're headed.


_Brian's picture

SEP has its own Windows Event log section. This is added during the install:



Now with that being said, go into the SEPM and open your AV policy.

Select Miscellaneous >> Log Handling tab

These are the events that can be configured. It says that all events checked will be sent from the client to the management server. However, I'm not 100% sure if these also show up in the SEP Windows event log. I do know that if a virus is found, acted on, etc. then it does show up in the SEP Windows event log.

Looking at my SEP Windows Event log and comparing to the SEP client logs, they both look to contain the same info, so if you configure this in the SEPM, it should show up in the SEP Windows event logs as well.

This is the only place in the SEPM I know to configure it.

Rafeeq's picture

SEPM does not write to Event Viewer other than these events.

Virus found events are written to the logs folder on the client side. You can ask them to view the client logs rather than looking into the event log :)