Kaseya Community

Symantec 10.1 and Above

  • Symantec AntiVirus 10.1.txt
    I'm sure many of you may be having difficulty, as I have, with 3rd party AV solutions and monitoring them. I created a monitor set for Symantec's Antivirus 10.1 and above. It alerts on the following events in the Application Log:


    • EventID 5: Virus Detected
    • EventID 11: Auto-Protect Not fully operational
    • EventID 13: Antivirus Shut Down
    • EventID 24: Auto-Protect is unloaded


    Patrick
    ITsource

    Legacy Forum Name: Symantec 10.1 and Above,
    Legacy Posted By Username: patrick.skelly
  • Thanks - those IDs are Errors (presumably) and not warnings, right?

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: SADAsystems
  • These are actually informational events.  Also, it may be good to add this one as well.
    
    Event Id: 7 Virus definition loaded (which essentially means a live update went and reloaded the virus definitions)
    
    <?xml version="1.0" encoding="ISO-8859-1" ?>
    <event_sets>
      <set_elements setName="Symantec" eventSetId="24612711">
        <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="24" username="*" description="*"/>
        <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="7" username="*" description="*"/>
        <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="5" username="*" description="*"/>
        <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="11" username="*" description="*"/>
        <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="13" username="*" description="*"/>
      </set_elements>
    </event_sets>
    
    Remember, these are informational events.

    Legacy Forum Name: Event Sets,
    Legacy Posted By Username: cking@faylib.org


    [edited by: Brendan Cosgrove at 5:33 PM (GMT -8) on 12-17-2010]
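The thread's point that these IDs are logged as informational events can be checked offline. This is an added example, not code from the thread or from Kaseya: it loads the posted event set and runs it over constructed event records, once with only Error/Warning monitored and once with Information included. It assumes that `*` matches anything, that `ignore="0"` marks an alerting entry, and that the monitor is configured with a set of event levels; the helper names and sample records are made up for illustration.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# The event set posted in the thread, inlined so the script runs offline.
EVENT_SET = b"""<?xml version="1.0" encoding="ISO-8859-1" ?>
<event_sets>
  <set_elements setName="Symantec" eventSetId="24612711">
    <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="24" username="*" description="*"/>
    <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="7" username="*" description="*"/>
    <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="5" username="*" description="*"/>
    <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="11" username="*" description="*"/>
    <element_data ignore="0" source="Symantec AntiVirus" category="*" eventId="13" username="*" description="*"/>
  </set_elements>
</event_sets>"""
FIELDS = ("source", "category", "eventId", "username", "description")

def load_rules(xml_bytes):
    """Return (alert_rules, ignore_rules) as lists of attribute dicts."""
    rules = [e.attrib for e in ET.fromstring(xml_bytes).iter("element_data")]
    return ([r for r in rules if r["ignore"] == "0"],
            [r for r in rules if r["ignore"] != "0"])

def rule_matches(rule, event):
    # Assumption: "*" is a match-anything wildcard, compared field by field.
    return all(fnmatchcase(str(event[f]), rule[f]) for f in FIELDS)

def alerts(event, alert_rules, ignore_rules, levels):
    """True when the event's level is monitored and an alert rule, but no ignore rule, matches."""
    if event["level"] not in levels:
        return False
    if any(rule_matches(r, event) for r in ignore_rules):
        return False
    return any(rule_matches(r, event) for r in alert_rules)

def ev(level, source, event_id):
    # Constructed sample record, not real log output.
    return {"level": level, "source": source, "category": "None", "eventId": event_id,
            "username": "N/A", "description": "constructed sample"}

SAMPLE_EVENTS = [ev("Information", "Symantec AntiVirus", 5),
                 ev("Information", "OtherApp", 5),             # same ID, different source
                 ev("Information", "Symantec AntiVirus", 7),
                 ev("Information", "Symantec AntiVirus", 13),
                 ev("Information", "Symantec AntiVirus", 9999)]  # ID not in the set

def alerting_ids(levels):
    alert_rules, ignore_rules = load_rules(EVENT_SET)
    return [e["eventId"] for e in SAMPLE_EVENTS if alerts(e, alert_rules, ignore_rules, levels)]

if __name__ == "__main__":
    print("Error/Warning only:", alerting_ids({"Error", "Warning"}))
    print("With Information:  ", alerting_ids({"Error", "Warning", "Information"}))
```
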