Endpoint Protection

 View Only

  • 1.  New Risk Found report shows "Nothing to Report"

    Posted Jun 20, 2013 08:38 AM

          This just started yesterday when we received alerts of a pair of trojans were found. When I opened the emai for each alert, it showed "Nothing to Report". When logged onto the SEPM and viewed the notifications, it showed "Nothing to Report" on the report tab. When I navigated to the Logs section and ran a report for new Risks, those two new trojan alerts didn't show up. What's going on?

    • New risk found: Trojan.Maljava!gen19.
    • New risk found: Trojan.Ransomlock!g47.

    Meanwhile the reporting seems to be behaving for other risks, network threat protection, and administrative notifications. We're currently using SEPM 12.1. Why would SEPM have an issue with these two trojan detections? It's not showing the originating workstations that's caused the alert.

     



  • 2.  RE: New Risk Found report shows "Nothing to Report"

    Posted Jun 20, 2013 08:42 AM

    What's the exact version of 12.1?

    Is the Risk log on the client showing the trojan?



  • 3.  RE: New Risk Found report shows "Nothing to Report"

    Posted Jun 20, 2013 08:45 AM

    The exact version of 12.1.2015.2015.  There are no client details within the report itself so there is no way to  identify the workstation(s).



  • 4.  RE: New Risk Found report shows "Nothing to Report"

    Posted Jun 20, 2013 08:45 AM

    Do you have enhanced security enabled in Internet explorer?  if yes check this document

    http://www.symantec.com/business/support/index?page=content&id=TECH97491



  • 5.  RE: New Risk Found report shows "Nothing to Report"

    Posted Jun 20, 2013 08:53 AM

    The workstation that I'm using is Win7 and I don't believe IE-ESC is a feature.



  • 6.  RE: New Risk Found report shows "Nothing to Report"

    Posted Jun 20, 2013 09:00 AM

    It seems to me that the query that generates this alert is not working properly.

    I looked thru the fix notes for the two newer versions of SEP (RU2 MP1 and RU3) but did not find anything related to your issue.

    Were any changes made within the last few days?

    You may want to query the DB on this directly to see what comes up. If something shows up, I suspect the query didn't properly work, for whatever reason.



  • 7.  RE: New Risk Found report shows "Nothing to Report"

    Trusted Advisor
    Posted Jun 20, 2013 10:05 AM

    Hello,

    Check this article - 

    "Nothing to report" when viewing out of date virus definition notification

    http://www.symantec.com/business/support/index?page=content&id=TECH97491

    If the above steps does not work, please delete the notification and create a new one.

    Hope that helps!!



  • 8.  RE: New Risk Found report shows "Nothing to Report"

    Broadcom Employee
    Posted Jun 20, 2013 12:19 PM

    Hi,

    Check this technical write up against Trojan.Maljava!gen19

    http://www.symantec.com/security_response/writeup.jsp?docid=2012-050804-2151-99

    Trojan.Ransomlock!g47 write up is not available however other write ups are available similar to this

    http://www.symantec.com/security_response/writeup.jsp?docid=2009-041513-1400-99

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-051715-1513-99

    Check this link as well: http://www.symantec.com/security_response/definitions/certified/

    Best practices for responding to active threats on a network

    http://www.symantec.com/docs/TECH122466
     
    Here are some excellent suggestions on how to keep your computers, their users and data safe:
     
    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0