Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Multiple Risks

Created: 18 Sep 2011 | 9 comments

Hi All,

Can anyone explain to me what is "multiple risk"?

Comments 9 CommentsJump to latest comment

pete_4u2002's picture

is that you receiving multiple notification for sam event?

is it seen in risk logs?

Geneviere's picture

Below is the risk log:

Compressed File m1alan Scheduled scan Multiple Risks 1 C:\Documents and Settings\alan\Application Data\Thunderbird\Profiles\u95ietbg.default\Mail\Local Folders\Trash Still contains 1 infected items Left alone Leave alone (log only) Leave alone (log only) 9/18/2011 22:55 9/18/2011 23:22 Default SYSTEM symantecsrvr11 My Company\test install for SEP 12.1 (XP 32-bit) - 1 0.0.0.0 SHA-1 0 Antivirus engine N/A Reputation was not used in this detection. Reputation was not used in this detection. Reputation was not used in this detection. Off ######## ######## Windows XP Professional  0

Rafeeq's picture

Its more than one, 

u r machine may be infected with virus, a worm, a spyware, many infections.

Not sure  if u have checked this option in the sepm logs.

Event compression consolidates multiple "risk-found" events into a single security event. Over time, and especially during a security event, event compression can help keep the database size within manageable limits

pete_4u2002's picture

looks like Compressed File m1alan detected multiple risks within this archived file. Can you check and let know if that is true!

Geneviere's picture

I checked the location and found out that the file is still there. I scanned it again then it still detected a "multiple risk" threat. 

So I manually deleted the file. When i scanned it, there are no more threats detected. 

It seems that Symantec was not able to delete the file itself.

Rafeeq's picture

as I said mutiple risk are grouped together compressed, 

actions are performed based on type of risk, here u see the first as Left alone Leave alone (log only) Leave alone (log only) , may be that y it did not delete it.

if second action was delete it would have done that, not sure what was second action in this case, u can check that in Scan settings. 

Geneviere's picture

hi

For all Malwares detected, i set the first action to clean, and second action to quarantine the risk file.

For Security Risks(Adware, Spyware, Trackware, Hacktools,etc.), I set the first action to quarantine, then the second action to delete the risk file.

I dont know why for this kind of risk, the first and the second action failed..

 

Anyways, if Symantec failed to do the first and the second action, I manually delete it.

 

Thanks for you replies. ^_^