Compressed File m1alan Scheduled scan Multiple Risks 1 C:\Documents and Settings\alan\Application Data\Thunderbird\Profiles\u95ietbg.default\Mail\Local Folders\Trash Still contains 1 infected items Left alone Leave alone (log only) Leave alone (log only) 9/18/2011 22:55 9/18/2011 23:22 Default SYSTEM symantecsrvr11 My Company\test install for SEP 12.1 (XP 32-bit) - 1 0.0.0.0 SHA-1 0 Antivirus engine N/A Reputation was not used in this detection. Reputation was not used in this detection. Reputation was not used in this detection. Off ######## ######## Windows XP Professional 0
u r machine may be infected with virus, a worm, a spyware, many infections.
Not sure if u have checked this option in the sepm logs.
Event compression consolidates multiple "risk-found" events into a single security event. Over time, and especially during a security event, event compression can help keep the database size within manageable limits
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
as I said mutiple risk are grouped together compressed,
actions are performed based on type of risk, here u see the first as Left alone Leave alone (log only) Leave alone (log only) , may be that y it did not delete it.
if second action was delete it would have done that, not sure what was second action in this case, u can check that in Scan settings.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Comments 9 Comments • Jump to latest comment
is that you receiving multiple notification for sam event?
is it seen in risk logs?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
yes, it is seen in risk logs.
can you post the risk logs?
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
Below is the risk log:
Compressed File m1alan Scheduled scan Multiple Risks 1 C:\Documents and Settings\alan\Application Data\Thunderbird\Profiles\u95ietbg.default\Mail\Local Folders\Trash Still contains 1 infected items Left alone Leave alone (log only) Leave alone (log only) 9/18/2011 22:55 9/18/2011 23:22 Default SYSTEM symantecsrvr11 My Company\test install for SEP 12.1 (XP 32-bit) - 1 0.0.0.0 SHA-1 0 Antivirus engine N/A Reputation was not used in this detection. Reputation was not used in this detection. Reputation was not used in this detection. Off ######## ######## Windows XP Professional 0
Its more than one,
u r machine may be infected with virus, a worm, a spyware, many infections.
Not sure if u have checked this option in the sepm logs.
Event compression consolidates multiple "risk-found" events into a single security event. Over time, and especially during a security event, event compression can help keep the database size within manageable limits
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
looks like Compressed File m1alan detected multiple risks within this archived file. Can you check and let know if that is true!
Cheers!
Pete
Help Link: http://www.symantec.com/business/support/overview.jsp?pid=54619
I checked the location and found out that the file is still there. I scanned it again then it still detected a "multiple risk" threat.
So I manually deleted the file. When i scanned it, there are no more threats detected.
It seems that Symantec was not able to delete the file itself.
as I said mutiple risk are grouped together compressed,
actions are performed based on type of risk, here u see the first as Left alone Leave alone (log only) Leave alone (log only) , may be that y it did not delete it.
if second action was delete it would have done that, not sure what was second action in this case, u can check that in Scan settings.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
hi
For all Malwares detected, i set the first action to clean, and second action to quarantine the risk file.
For Security Risks(Adware, Spyware, Trackware, Hacktools,etc.), I set the first action to quarantine, then the second action to delete the risk file.
I dont know why for this kind of risk, the first and the second action failed..
Anyways, if Symantec failed to do the first and the second action, I manually delete it.
Thanks for you replies. ^_^
Would you like to reply?
Login or Register to post your comment.