Endpoint Protection

  • 1.  Symantec Endpoint protection: Secondary Action 102

    Posted Apr 25, 2017 11:26 AM

    Hi All,

    I have noticed some logs as follows "Actual action: Left alone
    Requested action: Process terminate pending restart
    Secondary action: 102"

    I just wanted to know what this code '102' means. I searched for it online but could not find any information regarding it. Is this a custom code? Kindly help me out. Thank you.



  • 2.  RE: Symantec Endpoint protection: Secondary Action 102

    Posted Apr 25, 2017 02:31 PM

    Moved to Endpoint Protection forum for better visibility.



  • 3.  RE: Symantec Endpoint protection: Secondary Action 102

    Posted Apr 25, 2017 02:31 PM

    Can you share a screenshot of it? I've never seen "102" before, so it looks very odd.

    What is the exact SEP version you're running, and does this entry appear in the client log itself or in the SEPM log?



  • 4.  RE: Symantec Endpoint protection: Secondary Action 102

    Trusted Advisor
    Posted Apr 26, 2017 03:19 AM

    Looking at the Database Schema Reference, it contains some other events, varying from client not running to reboot required.

    Another thing that came up is 102 = "Forwarded - the event was received (forwarded) from another server"

    Do you have more than one SEPM server?

    However, thinking about it... it normally comes up with text rather than a code, so I am wondering if this is something new or a bug?



  • 5.  RE: Symantec Endpoint protection: Secondary Action 102

    Posted Apr 26, 2017 08:55 AM

    Hi Brian,

    Please find the attached screenshot. I am not aware of the config details as I don't deal with the SEP tool itself. I am a SIEM professional and sometimes I have to make decisions based on AV logs, which I am trying to understand. Please have a look at the screenshot.



  • 6.  RE: Symantec Endpoint protection: Secondary Action 102

    Posted Apr 26, 2017 09:01 AM

    Hi, I have attached the screenshot. I am not aware of the SEP config details as I don't directly deal with SEP. I am a SIEM professional and sometimes I have to make decisions based on Symantec logs, so I am trying to understand the Symantec logs. Please have a look at the screenshot.