Endpoint Protection

 View Only

  • 1.  "Filename: Unavailable" Every. Single. Day.

    Posted Dec 19, 2016 10:22 AM
    Filename: Unavailable  
        Hash Type / File Hash: Not Available  

     

    We have one client system that shows up in the report every day it's turned on with this Unavailable stuff in quarantine.  I'm finding nothing in any logs that give any indication of what the actual issue is, if indeed there is one.

    I'm reluctant to reinstall SEP, since if there really is something on that endpoint that's being blocked, that may let it through.

    Anyone have any idea what would cause something like this and/or how to resolve?



  • 2.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 19, 2016 04:09 PM

    The most common scenario is that it was a temporary file that is no longer on the system. Or SEP may have stopped the threat before it touched the filesystem so there would be nothing to remove.

    Was this a Download Insight detection?



  • 3.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 20, 2016 09:22 AM

    >>>Was this a Download Insight detection?<<<

    Not sure how I would even know this.

    It shows up in the "Symantec Endpoint Protection Daily Status" report, under the "Virus And Risk Detection By Action Taken" section.

    In SEPM, there doesn't appear to be any reports that have anything to do with Download Insight, with the possible exception of "Download Protection Signature Distribution," but signature distribution is irrelevant to this. The "Comprehensive Risk Report" has a section titled "Detection Summary by Download Insight Sensitivity Level " that shows 5 detections, but doesn't show what endpoints are involved when I run against all computers; if I run it against just this one computer, that section is all zeros.



  • 4.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 20, 2016 09:31 AM

    What does the Risk log show under Monitors page >> Logs tab



  • 5.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 20, 2016 09:34 AM

    Ahhhh, thanks! In there, the source on all of these unavailable ones is Scheduled scan.



  • 6.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 22, 2016 11:57 AM

    So nobody's seen this, and Symantec obviously doesn't bother with the forums, then?



  • 7.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 22, 2016 12:01 PM

    The two scenario's I mentioned are the most common. Sorry but that is the best I can offer. My suggestion would be to get a ticket open with support since this is on-going and it looks like it can be reproduced.

    This forum is not an "official" support channel. While employees do check frequently it is on their own time.



  • 8.  RE: "Filename: Unavailable" Every. Single. Day.

    Posted Dec 23, 2016 11:31 AM

    This may be caused by a threat/risk that is already loaded in to the memory (then the file deleted from the disk). If you know the computer name of the device (on which this issus is occuring), you may use tools (such as sysinternal tools or "driverview") to check for malicious drivers/processes loaded in the memory or search for un-named drivers/processes loaded in the memory.

    You may also try scanning the concerned computer using Norton Bootable Recovery Tool. It MIGHT help.