Quantcast
Channel: Symantec Connect - Products - Discussions
Viewing all articles
Browse latest Browse all 6827

Symantec Endpoint Protection-Syslog message field explanation

$
0
0
I need a solution

Hi Team,

            Please provide the explanation about all the fields which are there in below syslog message.

Jun 20 14:53:43 10.40.10.61 Jun 20 14:54:46 SymantecServer CORP: Potential risk found,Computer name: CORPE642,Detection type: 4,First Seen: Reputation was not used in this detection.,Application name: Microsoft® Windows® Operating System,Application type: Trojan Worm,Application version: 6.1.7600.16385,Hash type: SHA-256,Application hash: 0000000000000000000000000000000000000000000000000000000000000002,Company name: Microsoft Corporation,File size (bytes): 20992,Sensitivity: 127,Detection score: 0,COH Engine Version: ,Detection Submissions No,Permitted application reason: 0,Disposition: Good,Download site: ,Web domain: ,Downloaded by: ,Prevalence: Reputation was not used in this detection.,Confidence: Reputation was not used in this detection.,URL Tracking Status: Off,Risk Level: Reputation was not used in this detection.,Detection Source: N/A,Source: Heuristic Scan,Risk name: ,Occurrences: 1,c:\windows\system32\svchost.exe,"",Actual action: Left alone,Requested action: Left alone,Secondary action: Left alone,Event time: 2012-06-20 21:19:57,Inserted: 2012-06-20 21:54:46,End: 2012-06-20 21:19:57,Domain: Test,Group: My Company\Office,Server: CORP,User: SYSTEM,Source computer: ,Source IP: 0.0.0.0

In message, It says Potential risk found but Risk name: field is blank.

What does it (this event) say.

Regards,

Shalendra

0

Viewing all articles
Browse latest Browse all 6827

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>