
SEP in FileStore

Created: 02 Nov 2011 • Updated: 08 Nov 2011 | 5 comments
This issue has been solved.

Hello,

I need to have a report from SEP included in FileStore.

Actually, I have no way to know if a scan has been performed, and I need a confirmation that says: "SEP ran normally, but it didn't find anything".

I tried to install SEP Manager on a Windows machine, but I can't deploy a client. The LiveUpdate Manager is just for signatures, not for reports.

Does anybody know how to get a daily report of the SEP activity?

Thank you. 


Sean Craig

Hi Loic,

You are correct that there's limited reporting for the AV module.  Look to have this updated in our next major release.

regards

Sean

SOLUTION
teiva-boy

IIRC it's just AV for Linux under SUSE.

That said, I think you can syslog it and capture it with other security tools, Symantec's own SSIM comes to mind...

There is an online portal, save yourself the long hold times. Create ticket online, then call in with ticket # in hand :-) http://mysupport.symantec.com "We backup data to restore, we don't backup data just to back it up."

SoCalSYM

At the command line, you can go into the "AntiVirus" subcommand, then type "quarantine list" to see what files have been put into quarantine.  "show logs" will display the following:

TIME TO SCAN, TOTAL THREATS, FILES OMITTED, FILES SCANNED

Maybe this will help you find what you need.

regards

Loic Bouquet

Hello,

I have found information in the system:

SFS01_01:/var/symantec/Logs # ls -lrt
total 48
-rw------- 1 root root 2923 Oct 12 23:18 10122011.log
-rw------- 1 root root 1788 Oct 24 19:07 10242011.log
-rw------- 1 root root  827 Oct 25 00:01 10252011.log
-rw------- 1 root root  415 Oct 26 17:16 10262011.log
-rw------- 1 root root  415 Oct 28 17:16 10282011.log
-rw------- 1 root root  415 Oct 30 17:16 10302011.log
-rw------- 1 root root  415 Nov  1 17:16 11012011.log
-rw------- 1 root root 1739 Nov  2 17:16 11022011.log
-rw------- 1 root root  534 Nov  3 01:39 11032011.log
-rw------- 1 root root  417 Nov  4 17:16 11042011.log
-rw------- 1 root root  417 Nov  6 17:16 11062011.log
-rw------- 1 root root  417 Nov  8 17:16 11082011.log
SFS01_01:/var/symantec/Logs # tail 11082011.log

290A08111002,3,2,1,SFS01_01,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1320768966,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,1.0.11.19,,,,,,,,,,,,,,,,0,,,,

290A08111004,2,2,1,SFS01_01,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 108   Files/Folders/Drives Omitted: 0",1320768966,,0,0:0:108:0,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,1.0.11.19,,,,,,,,,,,,,,,,0,,,,

SFS01_01:/var/symantec/Logs # tail 11062011.log

290A06111002,3,2,1,SFS01_01,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1320596165,,0,,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,1.0.11.19,,,,,,,,,,,,,,,,0,,,,

290A06111004,2,2,1,SFS01_01,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 108   Files/Folders/Drives Omitted: 0",1320596165,,0,0:0:108:0,,,,0,,,,,,,,,,,,,,,,00:50:56:a9:00:00,1.0.11.19,,,,,,,,,,,,,,,,0,,,,

SFS01_01:/var/symantec/Logs #
As you can see, it's possible to perform some verification of the automatic scans ;)

My schedules are like this:
SFS01> antivirus job show

Jobname   FS       State      Minute Hour Day Month WeekDay Preferrednode
=======   ===   ========== ====== ==== === ===== ======= =============
Scan      fs_demo    SCHEDULED     15     17   *    *      *

SFS01>
@SoCalSYM
I don't agree with you, because if your first action is clean, you do not see the cleaning action, only the quarantine action.

SFS01> antivirus quarantine list
QID               Quarantine file
----------------- ----------------
SFS01_01_5B700000 /vx/fs_demo/eicar.zip
SFS01_01_EB700004 /vx/fs_demo/eicar.zip
SFS01_01_EB700002 /vx/fs_demo/eicar.zip
SFS01_01_1B700000 /vx/fs_demo/eicar.zip
SFS01_01_EB700000 /vx/fs_demo/Test Virus.txt
SFS01_01_EB700001 /vx/fs_demo/eicar.zip
SFS01_01_EB700003 /vx/fs_demo/eicar.zip
SFS01_01_BB700000 /vx/fs_demo/eicar.zip
SFS01_02_2B700000 /vx/fs_demo/AA_ReferentielDocumentation/eicar.zip
SFS01> 
SFS01> 
SFS01> antivirus quarantine info
Please wait ... It will take some time ...
Item:           5B700000
Description:    /vx/fs_demo/eicar.zip
Full Path:      /vx/fs_demo/eicar.zip
Log Line:       290919000103,5,1,1,SFS01_01,root,,/vx/fs_demo/eicar.zip,1,1,1,2147483647,33571876,"",1319493664,,0,,1534066688,0,0,0,0,,,,,0,0,,0,,,,,,,,,,,,,,,,,,,,,,,,0,,,0,
Flags:          INFECTED
Quarantined:    Tue Oct 25 00:01:03 2011
Created:        Tue Oct 25 00:01:03 2011
Last Accessed:  Tue Oct 25 00:01:03 2011
Last Modified:  Mon Oct 24 19:08:59 2011
Truncated output.
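A worked example, added here and not part of the thread or of the product: a small Python script that parses log records in the format shown above and answers the original question (did the scheduled scan run, and was it clean?). The field positions ([4] host, [7] file path, [13] message, [14] Unix timestamp) are read off the lines quoted above and are an assumption; the sample records are constructed in that format with the trailing empty fields dropped.

```python
import csv
import re
from datetime import datetime, timezone

# Constructed sample in the format of the /var/symantec/Logs/MMDDYYYY.log lines quoted
# above (trailing empty fields dropped). Field positions assumed from that output:
# [4] host, [7] file path (per-file events only), [13] message, [14] Unix timestamp.
SAMPLE_LOGS = {
    "11082011.log": (  # clean scheduled scan
        '290A08111002,3,2,1,SFS01_01,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1320768966,,0,,,,,0\n'
        '290A08111004,2,2,1,SFS01_01,root,,,,,,,16777216,"Scan Complete:  Threats: 0   Scanned: 108   Files/Folders/Drives Omitted: 0",1320768966,,0,0:0:108:0,,,,0\n'
    ),
    "11092011.log": (  # scan that finds one file
        '290A09111002,3,2,1,SFS01_01,root,,,,,,,16777216,"Scan started on selected drives and folders and all extensions.",1320855366,,0,,,,,0\n'
        '290A09111003,5,1,1,SFS01_01,root,,/vx/fs_demo/eicar.zip,1,1,1,2147483647,33571876,"",1320855370,,0,,1534066688,0,0,0,0\n'
        '290A09111004,2,2,1,SFS01_01,root,,,,,,,16777216,"Scan Complete:  Threats: 1   Scanned: 109   Files/Folders/Drives Omitted: 0",1320855371,,0,1:0:109:0,,,,0\n'
    ),
}
SCAN_DONE = re.compile(r"Scan Complete:\s+Threats:\s*(\d+)\s+Scanned:\s*(\d+)\s+Files/Folders/Drives Omitted:\s*(\d+)")

def parse_events(text):
    """Split one daily log into dicts; csv handles the quoted message field."""
    events = []
    for row in csv.reader(text.splitlines()):
        if len(row) < 15 or not row[14].isdigit():
            continue  # blank line or not an event record
        events.append({"host": row[4], "path": row[7], "message": row[13],
                       "time": datetime.fromtimestamp(int(row[14]), tz=timezone.utc)})
    return events

def scan_verdict(text):
    """Did the scan run, and was it clean?  Returns (status, threats, scanned, paths).
    No 'Scan Complete' record means NO_SCAN, never OK: a scheduled job that silently
    failed must not be reported as a clean day."""
    events = parse_events(text)
    done = [m for e in events if (m := SCAN_DONE.search(e["message"]))]
    if not done:
        return ("NO_SCAN", 0, 0, [])
    threats, scanned, _omitted = (int(x) for x in done[-1].groups())
    paths = sorted({e["path"] for e in events if e["path"]})
    return ("OK" if threats == 0 else "THREATS", threats, scanned, paths)

def daily_report(logs):
    """One verdict line per daily log, oldest first (file names are MMDDYYYY.log)."""
    lines = []
    for name in sorted(logs, key=lambda n: datetime.strptime(n[:8], "%m%d%Y")):
        status, threats, scanned, paths = scan_verdict(logs[name])
        lines.append(f"{name}: {status} threats={threats} scanned={scanned}"
                     + (" " + ",".join(paths) if paths else ""))
    return lines
```

Run against the real directory by reading each *.log into the dict; a NO_SCAN line for a day the job was scheduled is the condition worth alerting on, since the absence of a log entry is otherwise silent.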


Sean Craig

Hi Loic,

As a reminder (also for others who find this thread later), command-line access to FileStore is via the CLI using FileStore admin users.  Shell access (as you've shown above) is limited to Support should any debugging be required.

thanks

Sean