Endpoint Protection

  • 1.  Single Risk Event alerting file path unavailable

    Posted May 06, 2010 12:35 PM
    I have noticed that in some of my single risk event alerts the displayed infected file path is unavailable, as in the example below:

    Subject: Single Risk Event
     
    Message from:
          Server name: xxxx
          Server IP: xxxx
     
    At least one security risk found:
     
    Risk name: Downloader
    File path: Unavailable
    Event time: 2010-05-06 00:27:38 GMT
    Database insert time: 2010-05-06 01:17:53 GMT
    User: SYSTEM
    Computer: xxxx
    IP Address: xxxx
    Domain: xxxx
    Server: xxxx
    Client Group: xxxx
    Action taken on risk: Details pending

    Does anyone know what is going on there?

    I checked the log on the host, and it looked like the alert picks up that unavailable value from the log, but can someone from Symantec explain any reason it is unavailable?

    280406091B26,51,1,2,EBFID70185331,SYSTEM,Downloader,Unavailable,3,4,18,256,33554436,"",0,,0,101 {FCE31AF5-3680-4B8A-9894-DA50AFC6D939} 0 1    Downloader 2;0;13 0 0 521f928b-be3a-4188-ac12-37d467517a4b 0,0,26637,0,0,0,,,0,,0,0,0,0,,{C8B679C9-96CE-41A8-B55F-5590F4279CF3}, 

    Thanks


  • 2.  RE: Single Risk Event alerting file path unavailable

    Posted May 06, 2010 01:28 PM

    This could be a number of things. The most common is a temporary file that is no longer on the system. Or we also could have stopped the threat before it touched the filesystem, so there is nothing on the filesystem to remove.
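
An added example, not part of the original posts and not Symantec code: a Python triage helper that reads client risk log lines like the one quoted in the first post and lists the detections logged with the file path `Unavailable`, which are the cases the reply attributes to a vanished temporary file or a threat stopped before it reached the filesystem. The field positions are an assumption inferred by matching the alert text against the quoted log line, the hex timestamp layout is likewise an assumption, and the second sample line is constructed.

```python
import csv
from datetime import datetime

# Assumption: positions inferred by matching the alert in the post against the
# quoted log line (computer, user, risk name, file path).
F_TIME, F_COMPUTER, F_USER, F_RISK, F_PATH = 0, 4, 5, 6, 7

def decode_time(hexstamp):
    """Assumed layout: six hex octets = years since 1970, month (0-based),
    day, hour, minute, second, in the client's local time."""
    y, mo, d, h, mi, s = (int(hexstamp[i:i + 2], 16) for i in range(0, 12, 2))
    return datetime(1970 + y, mo + 1, d, h, mi, s)

def parse_line(line):
    fields = next(csv.reader([line]))
    if len(fields) <= F_PATH:
        raise ValueError("too few fields for a risk event line")
    return {
        "local_time": decode_time(fields[F_TIME]),
        "computer": fields[F_COMPUTER],
        "user": fields[F_USER],
        "risk": fields[F_RISK],
        "path": fields[F_PATH],
    }

def pathless_detections(lines):
    """Return events whose file path is the literal 'Unavailable'."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        try:
            ev = parse_line(line)
        except ValueError:
            continue  # skip malformed or truncated lines
        if ev["path"].strip().lower() == "unavailable":
            hits.append(ev)
    return hits

SAMPLE = [
    # Leading fields of the line quoted in the post.
    '280406091B26,51,1,2,EBFID70185331,SYSTEM,Downloader,Unavailable,3,4,18,256,33554436,"",0',
    # Constructed line with a file path present, for contrast.
    '280406091C00,51,1,2,HOST-EXAMPLE,SYSTEM,Downloader,C:\\Temp\\example.tmp,3,4,18,256,33554436,"",0',
]

if __name__ == "__main__":
    for ev in pathless_detections(SAMPLE):
        print(ev["local_time"], ev["computer"], ev["risk"], ev["path"])
```

The decoded time is local to the client, so it will differ from the GMT event time in the alert by the client's UTC offset. Detections listed this way have no file left to inspect on disk, so follow-up relies on the risk name, the time and the host.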