Endpoint Protection

Hello community

It might be an easy one, but it is confusing me:
At the beginning of the week, I was pulling a risk log from the SEPM. We did some testing with EICAR files last week and I had to collect the logs for an auditor.
Everything alright, pulled the logs and delivered them.

Now, I wanted to do the same for other reasons but there are no more EICAR events anymore in the DB.

We, in fact, have configured the EICAR events to be deleted in the Risk Log Settings of the database.
So I am properly confused: Do these kind of events get therefore deleted based on another schedule than the rest of entries in the Risk Log? Or why are there no more EICAR events to be found in the log?

Cheers

see below blog how can test

How to test run your antivirus program

https://www-secure.symantec.com/connect/blogs/how-test-run-your-antivirus-program

Hi flutti,

This is expected behavior.  EICAR events are deleted by the SEPM database maintenance.

To prevent this, open the SEPM:

    Go to Admin Tab
    Click on Servers
    Right click on Local Site
    Go to Properties
    Select the Database tab
    uncheck "Delete EICAR events".

Please update the thread with news if this has solved your issue! &: )

Hi Mick

I get your point there and understand this.
But why have I been able to find the events at the beginning of this week (May 18th) and now they're gone for good?
The events occured on May 15th.

You know that I mean?

The EICAR events will be deleted during database maintenance. That event occurs every 24 hours. Until it happens you can see the EICAR files in logs and reports.