SEP 12.x Threat Detection notification while logged out

Created: 24 May 2011 • Updated: 24 May 2011 | 6 comments
.Brian's picture

When I log in to a box running SEP 12.1 beta, I continue to get a notification window that says SEP has detected risks while you were logged out.

When I check the Risk log, it is empty. Also, I do not see anything in the SEPM for this machine.

It was upgraded from RU6 MP3. Could this be a glitch?

VKalani's picture

I have seen this happen even on versions like RU5, RU6, etc., so it is nothing to do with SEP 12.x per se, or it being upgraded from RU6 MP3.

Check the quarantine items. Are there any items in BACKUP state? Those could be causing this. You can delete those items.

Also, please see this:

http://www.symantec.com/business/support/index?page=content&id=TECH105373&actp=search&viewlocale=en_US&searchid=1306329246589

-VKalani

.Brian's picture

On both machines, the quarantine folder was empty, but I did look at the SrtETmp folder and both had one file in there, a .tmp file.

Can this be causing the issue and can it be deleted?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

VKalani's picture

I don't think these files would cause the issue. Did you look at the link I pasted above?

-VKalani

.Brian's picture

Yea but I'm unable to find anything in the logs to indicate a threat of any kind. Quarantine is empty as well.


Paul Murgatroyd's picture

Brian, do you see anything in the PTP logs at all? Wondering if it may be a SONAR detection too.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

.Brian's picture

PTP is empty as well.
