Can anyone explain to me what is "multiple risk"?
is that you receiving multiple notification for sam event?
is it seen in risk logs?
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
yes, it is seen in risk logs.
can you post the risk logs?
Below is the risk log:
Compressed File m1alan Scheduled scan Multiple Risks 1 C:\Documents and Settings\alan\Application Data\Thunderbird\Profiles\u95ietbg.default\Mail\Local Folders\Trash Still contains 1 infected items Left alone Leave alone (log only) Leave alone (log only) 9/18/2011 22:55 9/18/2011 23:22 Default SYSTEM symantecsrvr11 My Company\test install for SEP 12.1 (XP 32-bit) - 1 0.0.0.0 SHA-1 0 Antivirus engine N/A Reputation was not used in this detection. Reputation was not used in this detection. Reputation was not used in this detection. Off ######## ######## Windows XP Professional 0
Its more than one,
u r machine may be infected with virus, a worm, a spyware, many infections.
Not sure if u have checked this option in the sepm logs.
Event compression consolidates multiple "risk-found" events into a single security event. Over time, and especially during a security event, event compression can help keep the database size within manageable limits
looks like Compressed File m1alan detected multiple risks within this archived file. Can you check and let know if that is true!
I checked the location and found out that the file is still there. I scanned it again then it still detected a "multiple risk" threat.
So I manually deleted the file. When i scanned it, there are no more threats detected.
It seems that Symantec was not able to delete the file itself.
as I said mutiple risk are grouped together compressed,
actions are performed based on type of risk, here u see the first as Left alone Leave alone (log only) Leave alone (log only) , may be that y it did not delete it.
if second action was delete it would have done that, not sure what was second action in this case, u can check that in Scan settings.
For all Malwares detected, i set the first action to clean, and second action to quarantine the risk file.
For Security Risks(Adware, Spyware, Trackware, Hacktools,etc.), I set the first action to quarantine, then the second action to delete the risk file.
I dont know why for this kind of risk, the first and the second action failed..
Anyways, if Symantec failed to do the first and the second action, I manually delete it.
Thanks for you replies. ^_^