
SEP 12.1 RU1 New risk notification with nothing to report

Created: 01 Oct 2012 | 3 comments

Hello,

I have searched through many posts on this forum and did not find one that mentions this exact issue...

I would like to know why some of the risk notifications we are receiving contain a blank body with the text: "Nothing to report." See below for one example. Generally, this notification contains the Client ID of the computer where the threat was detected under the "Network Threat Protection and Compliance Events" section. The administrator currently only has the one report set up to send email notifications to our group and until recently the notifications always contained this information.

The strange thing about these notifications is that the risks are mentioned nowhere in the logs or reports. There are not even any risks that were detected on the same day. I have run all of the risk reports and still see no mention of the risks mentioned in these notifications.

I would appreciate it if anyone knows 1. why the notifications are blank, and 2. if this requires any action on our part.

Thank you.

New risk found: Backdoor.ProxyBox.



Symantec Endpoint Protection

Notification Events

09/17/2012 15:45:00 to 09/17/2012 15:46:00


 Nothing to Report

3 Comments

Mithun Sanghavi's picture

Hello,

What version of SEP SBE 12.1 are you running?

Backdoor.Proxybox is a Trojan horse that opens a back door on the compromised computer.

Check this blog: https://www-secure.symantec.com/connect/blogs/backdoorproxybox-kernel-file-system-hooking

Do you receive all the notifications in the blank format?

In this case, I would suggest you make sure all the machines are running the full feature set of SEP SBE 12.1 (AV/AS, PTP and NTP) on their machines and run a full scan.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

claytonJCPH's picture

Thank you for your reply,

We are currently on version 12.1.1000.157 RU1.

Almost all of our risk notifications contain a report. We have only seen a handful of notifications (a total of 4-5 in the past two months) that state "Nothing to report"; all of the other notifications list the client and other required information.

All of our clients are running fully featured SEP 12.1.

What I would really like to know is why there is nothing in the logs and reports regarding this risk, and why are these different from all of the other notifications?

Rafeeq's picture

Hi,

Check this article:

"Nothing to report" when viewing out of date virus definition notification

http://www.symantec.com/business/support/index?page=content&id=TECH97491

If the above does not work, delete the notification and create a new one.