Endpoint Protection


SEP 11.x Risk Log Alert without Risk Log Entry


  • 1.  SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 04:40 AM
    We got the following message in the morning when I turned ON the PC. Without naming the risk, it said SEP has found the risk, and requested to check the LOG.


    Nothing further gets detected and the system boots cleanly. While checking the LOG, no further LOG entries are found. (You can verify the same by checking the system date and log dates.)

    Can someone suggest what is happening? Why are no entries logged inside the Risk Log, despite SEP reporting the same?

    This has happened more than once in last 15 days.

    Tejas







  • 2.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 04:49 AM
    I also faced the same problem when I installed SEP 11.0 on my PC.
    But after three or four days the problem got solved automatically.
    I also wondered about this & now I am eager to know how this happens.


  • 3.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 04:50 AM

    I forgot to add the second picture for the above post.

    Here it is....Sorry for the inconvenience.

    You can see that all definitions are up to date and the log does not have the desired/suggested entry.


    Expecting response.

    Tejas



  • 4.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 04:58 AM
    Hi Tejas,
    Can you tell me the version of SEP that is installed on your machine? And also, what is showing on the server side?


  • 5.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 05:08 AM
    Just uncheck the Notification.

    Nothing to worry about.


  • 6.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 05:16 AM
    Just to be on the safe side, have you done a full system scan?
    It could also either be a threat on a mapped network drive that your PC connects to on start up, or a bug in SEP which could need addressing by downloading the latest release patch.


  • 7.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Apr 20, 2009 05:21 AM
    Just neglect the problem.
    This is not a big issue. Do a full system scan again.


  • 8.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 04, 2009 09:48 PM
    We are using SEP 11.0 MR4

    Tejas


  • 9.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 04, 2009 09:52 PM
    We have done full system scan, but it keeps appearing.

    Tejas


  • 10.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 04, 2009 11:47 PM
    Have you tried to restart the Symantec Service? Please try to delete infected files in the quarantine.


  • 11.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 05, 2009 01:46 PM
    Is the threat W32.SillyFDC?
    You did say that there was a popup alert and I was wondering if the W32.SillyFDC also reappears.


  • 12.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 05, 2009 02:56 PM
    Interesting - I get email alerts about network threats and the message attachments (the MHT file) basically shows nothing at all!
    I get dozens of them each week - email alert, see attachment, I open the attachment, nothing there!
    They are always attachments of 143kb in size.
    Are they related?



  • 13.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 05, 2009 08:05 PM
    @ShadowsPapa: Maybe there is supposed to be something in it, like a link that was filtered out.
    I'm using Symantec Threat Reporter (different product) and we do get email alerts that only contain links. Or if you're getting a blank file attachment then maybe there is a problem with how the software handles the creation of files.


  • 14.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 05, 2009 09:46 PM
    Hi Shadows Papa, based on my experience, I usually get these alerts blank if we have servers/clients with different timezones. I always make a point to check the filter used for the alerts/notifications.


  • 15.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 06, 2009 02:21 PM
    @Tejas Shah: Does the W32.SillyFDC also appear with the unknown alert? Are there any other alerts in the Proactive Threat Protection and the Network Threat Protection?


  • 16.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 06, 2009 02:38 PM
    May be due to old updates.
    Have you tried Live Update ......


  • 17.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 10, 2009 11:51 PM
    There seems to be no clear-cut solution with the Community members. I have made enough trials and errors, but the message keeps appearing. Will definitely look forward to help from Team Symantec.


  • 18.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted May 11, 2009 12:19 AM
    Hi Tejas, but based on the screenshot, the location of the 2nd threat is not available anymore. Is this on a USB drive?


  • 19.  RE: SEP 11.x Risk Log Alert without Risk Log Entry

    Posted Jun 29, 2009 03:05 AM
    Since the file is deleted, the location of the 2nd threat is not available.


    Tejas