
In a log it says “Worst Detection: (Severity 4) Other”

Created: 23 Oct 2012 | 10 comments


In one log I found “Worst Detection: (Severity 4) Other”. Could anybody explain what this is?




Brɨan's picture

Can you provide a screenshot?

You can check this as a starting point:

Threat Severity Assessment

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture


Can you explain more?

Also, can you share a screenshot of the logs?

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture

Hello Sushanta,

You have provided limited information.

Could you please let us know what log it was?

Could you provide us a screenshot or probably the logs you see this in?

Secondly, I would suggest you check these articles:

Interpreting the log files for Symantec AntiVirus Corporate Edition and Symantec Endpoint Protection

What Does "Risk was partially removed" Mean?

Best Practices for responding to "Left Alone" in the virus or threat history log

Explanation of Action field values in Symantec Endpoint Protection 11 and Symantec AntiVirus 10.1

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Sushanta's picture


Here are the logs which I got... hope it helps!

I want to know about the column in bold letters... WORST DETECTION!

Sequence No. Pattern Date Revision Version Insert Date Time Stamp Client Type Operating System Client Version Policy Version Policy Serial Policy Checksum IPS Serial NO IPS Checksum HI Status HI Reason HI Description Creation Time Status Last time status changed Site Name Attribute Extension Full Name Email Job Title Department Employee Number Employment Status Office Phone Mobile Phone Home Phone Auto-Protect On Infected Worst Detection Last Scan Time Last Virus Time Accepts Content Update Antivirus engine On Download Insight On SONAR On Tamper Protection On Intrusion Prevention On IE Browser Protection On Firefox Browser Protection On Early Launch Antimalware On Major Version Minor Version Restart Required Restart Reason Computer Name Computer Domain Name Current login domain Last download time Number Of Processors Operating System Language Total disk space Total memory Computer description Service pack Processor Type Processor Clock BIOS version TPM device installed Hardware Key Free memory Free disk space Time zone offset Network Threat Protection On Server Name Group Name Domain Name Current User IPS Version Deployment Status
138494 10/16/2012 21 2012-10-16 rev. 021 10/17/2012 4:47 10/18/2012 2:11 Symantec Endpoint Protection Windows XP Professional 12.1.1000.157 12.1.1989 0B4B-09/21/2012 21:43:52 302   Success Pass Host Integrity check passed   Requirement: "SEP AV Check (No remediation)" passed   Requirement: "rasauto32 Check" passed   Requirement: "Nwsapagent32 Check" passed  ######## Disabled ######## abc                     Enabled No (Severity 4) Other ######## ######## Yes Enabled Enabled - Advanced protection Enabled Enabled Enabled Enabled Enabled Client not reporting status 12 1 No   L-104098-R11 SYMC.SYMANTEC.COM SYMC.SYMANTEC.COM ######## 8 English 305242 MB 2999 MB   Service Pack 3 x86 Family 6 Model 30 Stepping 5 1729 HPQOEM - f Default System BIOS None 405CAC78B3201D44D0EF34954E811C2E 1704 MB 227479 MB 480 Enabled xyz My Company\Production Workstations SYMANTEC a 2012-10-16 rev. 011 No Status Reported.
Ashish-Sharma's picture


WORST DETECTION! Column not available.

Thanks In Advance

Ashish Sharma

greg12's picture

There is a Worst Detection column in the client status log (Monitor > Logs > Computer Status, detailed view or exported csv file). My guess is that's just "historical" stuff. It's not indicating a virus outbreak. In this case, there should be a red rhombus in the corresponding client status log line.

Possibly it's conforming to the WORSTINFECTION_IDX column in the SEM_AGENT table. See the SEP schema reference guide, page 162:

Ian_C.'s picture

Irrespective of what Mithun says below, that column always seemed to report the 'worst infection' detected by SEP during the lifetime of the workstation.

The client might be clean now, but sometime before it did have an infection.

Please mark the post that best solves your problem as the answer to this thread.
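
As an added example (not part of any post in this thread, and not Symantec code): a triage of a Computer Status export that separates clients currently flagged Infected from those that only carry a Worst Detection value, following the reading greg12 and Ian_C. give above. It assumes a comma-separated export whose header uses the column names shown in the pasted log; the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample. Column names come from the header row pasted in the thread;
# WS-EXAMPLE-02 and WS-EXAMPLE-03 are made-up hosts for illustration.
SAMPLE_EXPORT = """Computer Name,Infected,Worst Detection,Auto-Protect On
L-104098-R11,No,(Severity 4) Other,Enabled
WS-EXAMPLE-02,Yes,(Severity 4) Other,Enabled
WS-EXAMPLE-03,No,,Enabled
"""

# Matches values of the form "(Severity 4) Other".
WORST_RE = re.compile(r"^\(Severity (\d+)\)\s*(.*)$")


def parse_worst(value):
    """Split a Worst Detection cell into (severity, category).

    Empty cell -> (None, None); unrecognised text -> (None, raw text).
    """
    value = (value or "").strip()
    if not value:
        return None, None
    m = WORST_RE.match(value)
    if not m:
        return None, value
    return int(m.group(1)), m.group(2).strip()


def triage(export_text):
    """Bucket clients by current state (Infected) versus history (Worst Detection)."""
    buckets = {"infected_now": [], "historical_only": [], "no_detection": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        name = row["Computer Name"].strip()
        severity, category = parse_worst(row.get("Worst Detection"))
        entry = (name, severity, category)
        if row["Infected"].strip().lower() == "yes":
            buckets["infected_now"].append(entry)      # needs attention now
        elif category is not None:
            buckets["historical_only"].append(entry)   # past detection, clean now
        else:
            buckets["no_detection"].append(entry)
    return buckets


if __name__ == "__main__":
    for bucket, clients in triage(SAMPLE_EXPORT).items():
        print(bucket, clients)
```
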
Mithun Sanghavi's picture


This is a Host Integrity OR Enforcer Log.

Here Host Integrity is passed.

Host Integrity check passed   Requirement: "SEP AV Check (No remediation)" passed   Requirement: "rasauto32 Check" passed   Requirement: "Nwsapagent32 Check" passed 


Worst Detection - (Severity 4) Other

It indicates that since the Host integrity is passed, its severity is lowest.

Enforcer Activity Log

Available information includes items such as event time, event type, enforcer name, enforcer type, site, severity, and description.

Event type

  1. All
  2. Management events
  3. Enforcer events
  4. Enable events
  5. Policy events


Hope that helps!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000's picture

First time I see this type of log here... interesting

Has yet to appear in our SNAC log...