What is the SEPM Risk: "Manually Generated Anomaly"?

Created: 08 Mar 2013 • Updated: 08 Mar 2013 | 12 comments

I have a report from SEPM citing a new risk, "Manually Generated Anomaly". What is it? Interestingly enough, Googling that precise phrase only garners a single hit (until this posting gets indexed, I suppose), but it's in Japanese.

 

 

.Brian's picture

Can you post a screenshot of this. I've seen this before. Very interesting. Does it give any other info?

File location? I assume it shows the hostname/IP of affected machine?

What scan caught it? Auto-protect? Heuristic?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Bill_K's picture

Caught by auto-protect.  I'm looking at the log events now-- the file being flagged (and "cleaned") is a .dll associated with scheduling software that hooks into Outlook.  I might be submitting this to security response...

.Brian's picture

Sounds like a false positive:

You can submit here for review:

https://submit.symantec.com/false_positive/

Bill_K's picture

That's the plan-- can someone from Symantec explain what that threat means?  There is no reference to it anywhere on the symantec site that I can find...

cus000's picture

Sounds like a generic name, never heard this one before..

Googled and found nothing...

Bill_K's picture

Update:

  Latest definitions don't flag the file any longer

  I'm running SEP 12 (in response to KB article reference, above)

 

Bill_K's picture

Wow-- now I have 21 hits, but they're all sites that seem to be mirroring the Symantec forums (e.g. all hits come back to this post).  Mental note to be extra careful what I discuss here. :-)

 

I really hate to see undocumented stuff in security software-- I just haven't had the bandwidth to deal with support.

Bill_K's picture

Update (for the benefit of anyone else that runs into this):

  I opened a ticket with technical support and, after some frustration, was told that I've been escalated to level 2, that "Manually Generated Anomaly" is not a proper risk label, and that the SEP client is not working as expected.

Troubleshooting continues...

.Brian's picture

Good to know and thanks for sharing. Keep us updated as you go.

Mick2009's picture

Hi Bill,

No doubt you'll get an official answer in due course.  I've heard of this a few times over the years: I believe that's an internal identifier used by the SEP Eraser component for some heuristic detections.  (There's no official virus name for the file in question, so it is temporarily labelled "Manually Generated Anomaly" while being processed.)  A different status or file name is usually assigned before being displayed on screen or in the logs, but once in a long while "Manually Generated Anomaly" is displayed on screen. 

You can probably treat that funny name in your SEPM report as a cosmetic defect, but that's just my hunch.  No doubt the official case owner will come back with a fully-investigated response soon.

Hope this helps!  &: )

Mick   

With thanks and best regards,

Mick

Mithun Sanghavi's picture

Hello,

Thank you Mick for the comment.

@Bill_K, we are aware and looking at your Case # 03976452.

We appreciate you creating the case.

I would appreciate it if you would update the Technical Support Engineer with the supported logs.

I am sure you would receive an official statement very soon.

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.