SEP 12.1 RU1 New risk notification with nothing to report
Hello,
I have searched through many posts on this forum and did not find one that mentions this exact issue...
I would like to know why some of the risk notifications we are reciving contain a blank body with the text: "Nothing to report." See below for one example. Generally, this notification contains the Client ID of the computer where the threat was detected under the "Network Threat Protection and Compliance Events" section. The administrator currently only has the one report setup to send email notifications to our group and until recently the notifications always contained this information.
The strange thing about these notifications is that the risks are mentioned nowhere in the logs or reports. There are not even any risks that were detected on the same day. I have run all of the risk reports and still see no mention of the risks mentioned in these notifications.
I would appreciate it if anyone knows 1. why the notifications are blank, and 2. If this requires any action on our part.
Thank you.
New risk found: Backdoor.ProxyBox.
| |
|
|||
|
||||
|
Nothing to Report
Comments 3 Comments • Jump to latest comment
Hello,
What version of SEP SBE 12.1 are you running?
Backdoor.Proxybox is a Trojan horse that opens a back door on the compromised computer.
Check this BLOG: https://www-secure.symantec.com/connect/blogs/backdoorproxybox-kernel-file-system-hooking
Do you receive all the Notification in the Blank Format?
In this case, I would suggest you to make sure all the machines are running Full Feature set of SEP SBE 12.1 (AV/AS, PTP and NTP) on their machines and run a Full scan.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Thank you for your reply,
We are currently on version 12.1.1000.157 RU1.
Almost all of our risk notifications contain a report. We have only seen a handfull of notifications (a total of 4-5 in the past two months) that state "Nothing to report", all of the other notifications list the client and other required information.
All of our clients are running fully featured SEP 12.1
What i would really like to know is why there is nothing in the logs and reports regarding this risk, and why are these different from all of the other notifications?
Hi
check this article
"Nothing to report" when viewing out of date virus definition notification
http://www.symantec.com/business/support/index?page=content&id=TECH97491
if above does not work
delete the notification and create a new one.
Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq
Would you like to reply?
Login or Register to post your comment.