Risks detected when logged off, but nothing shows up in quarantine or logs
Updated: 20 Oct 2010 | 26 comments
I have several clients reporting this message back every several days or so:
"Symantec Endpoint Protection detected risks while you were logged out. You may need to open the Antivirus and Antispyware Protection Risk Log to view and take action on the risks."
However, when I look at the quarantine and the logs on these computers, nothing appears in them. Scans pick up nothing as well.
I went in and temporarily disabled the risk notifications on the client, but to me this is just a workaround until I resolve this issue. I want to know why Symantec is claiming it detected risks but the risks in question do not show up in any log or quarantine.
Comments
No one has run into this issue?
I'm getting this too, although it's only on a few machines and I can't figure out that they have anything in common. I'm hoping someone knows how to stop this. It's not causing major problems but it is really annoying. Thanks
Sutton
More info
I have been working with Symantec Tech Support on this and we have a theory. Apparently they found in my logs some ping of death attacks that are being blocked by Endpoint, which in turn could cause the risks detected when logged off pop-up.
We are still trying to figure out if it is a false positive or if there is actually something causing them. I am personally leaning towards a false positive.
Reinstall?
I'm sure you may have tried this already... I tried reinstalling SEP on 1 of the 2 machines that were having this issue and I haven't seen the pop-up since.
Sutton
Hi,
How about the info on the SEPM server? Does it display any risks detected on that computer?
Re;
SEPM shows no risks detected and none of the client logs show anything. That is the weird part about this. We simply cannot find what could be causing this. The ping of death thing I mentioned above? Turns out it is a false positive, from a diagnostic tool Symantec sent me to run on these machines in an attempt to find out what was going on. The damn tool triggered these ping of death alerts that showed up in the logs it collected!
I'm getting to the point where we may just use CleanWipe on the machines with this issue. But I would prefer fixing this so it won't happen in the future.
Re;
Hi, can you give us more info: version of SEPM, a little background on your network? Corporate FW? Etc.
Anyone have an update?
Just started seeing this on my network. Seemed to correspond with virus TrojanfakeAValert....
Maybe this is the Fake Alert?????
Have 1 client showing this. Started after SEP blocked/deleted an infected PDF from the internet a couple of days ago.
Full scan in Safe Mode as Admin turns up nothing except one tracking cookie that it then deleted. Logging the user in and out doesn't show it - only after it's been left on with her logged out all night.
Running the latest MR4, 11.0.4014.26.
My hardware perimeter firewall blocks any incoming pings.
Nothing I can find in her SEP or Windows logs.
XP SP3.
SEPM doesn't show anything. I believe. I'm still finding it hard to find everything in there. I checked the notifications for the past 12 hours and nothing. I checked the Security Status report and nothing.
Got the same thing.
Started seeing this message after coming back to work on my own machine. No entries in logs, or quarantine. No sign of any problems, just an annoying message a couple of times each week.
Re
Please scan the client under safe mode.
Even I've had this issue a few times on my system.
Seems that SEP terms even the setup for NESSUS or NMAP and other such network mapping and troubleshooting tools as threats. A really WAG False Positive as I'd term it, and then quarantines the setup files.
So I went and excluded the folders where I'd stored the installables and voilà, the issue was gone.
Abhishek Pradhan, PMP, MCT
Consultant | Microsoft Corp.
Blog: http://blog.abhishekpradhan.net | SIG Lead - Pune IT Pro (Microsoft Pune User Group) | http://www.puneusergroup.org
Same thing as original poster
I'm running SEP 11.0.2000.1567. Every time a nightly scan is performed when no one is logged in I get the same message described in the original post upon signing back in. The risk log is always empty and the SEP Manager Console doesn't indicate any issues.
I encountered the same issue with the notification in my system tray. It prompts our end users: "Symantec Endpoint Protection detected risks while you were logged out. You may need to open the Antivirus and Antispyware Protection Risk Log to view and take action on the risks." You can see this near the system tray. Some users have panicked at this prompt; thank God most of the end users are not IT-related, so they accept what we have explained. But the thing is, why does this prompt display even without a risk detected? Can you give me a procedure on how to disable the notification? As far as I know I have disabled all of the notification options found in the SEPM.
:-)
I have been seeing this problem now on one of my clients. They are running 11 MR5.
Did anyone ever figure out what causes this to occur and how to resolve the issue?
My unofficial fix to the pop up.
If any of you have a better suggestion, let me know, as this is not the perfect way to do this, but at least clients won't freak out :)
I changed this line in the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC]
"LaunchSmcGui"=dword:00000000
So basically this prevents the GUI tray icon from loading.
I use the console most of the time, and SEP is still running and you can still manually launch the GUI.
Hope it helps !
:)
Anyone got a better suggestion?
How to Turn off Display Notifications about detections when the user logs on
https://www-secure.symantec.com/connect/forums/front-end-pop-users-how-turn-it
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
I am running 11 MR 5 and seeing this, so it has not been resolved but still exists as a problem.
I also do not see anything in the options for auto-protect to turn off just that one pop-up box; all I see is the setting to turn off all notifications, which I do not want to do. I want the people to see if they have gotten a virus. Turning off just that notice itself would be fine I guess, but that doesn't actually solve the problem, you are ignoring the fact that it is there. It seems like for the past few problems I have had the solution is always to turn off features or options.
I hope the next version is far more usable than 11 is.
I will try using 11.0.5 and get back with the result. :)
Hope for the Best !! :)
1 user started getting this popup a few days ago
...brought to my attention, upon checking out found that "Arugizer" trojan infected arucer.dll
deleted from quarantine, updated, ran full scan- clean, message has not come back yet.
Strange thing, when the user logs on and gets the popup stating Risks detected while logged off, her mouse stops working and she has to restart.
Anyone have a resolution yet?
Has anyone found a resolution to this issue yet?
As far as I know the only solution is to turn off all the notifications so that the end user is never told that they have a virus. That isn't actually a fix, but just a way to hide the notice from coming up.
We have disabled this notification as it panics the end users.
Regards...
Ramji Iyyer
Do you mean just the "a risk has been found when you were logged off" notice, or all notifications? A legit notice should panic them. Unless I am the only one that thinks so, it is good for the end user to know that the email they just opened had a virus attached or that the site they went to just tried to install a virus, or that the link their friends sent them via Facebook was really a virus. That way once it happens to them at work, they won't go home and try to do the same thing.
They get a link from a friend via Facebook, try to play it at work and nothing happens and nothing pops up, they assume that the company is just blocking stuff and then go home and try to run it. Then they infect their home computer.
I myself left everything enabled and will just check to see if anything was found overnight when any of the computers go on their few day glitch and pop up the false message about the risk being found. I would rather deal with a few fake alerts for a few days than not have a person know when they have a legit virus found on their machine.
Ramji, can you disable only that notification? Or will it disable all other notifications?
Dan, it's just this one pop-up alert, with the message listed above, and it happens every day when the user logs on. It does not go away, it has been going on for months.