search cancel

Malware detections in Email Security.cloud take more than an hour to arive at ATP appliance

book

Article ID: 163355

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

Within the portal for Email Security.cloud, Email Track and Trace shows one or more messages with attachments that were detected as malware. However, these malware detection events do not appear in the Events page of the Advanced Threat Protection (ATP) Platform after one hour passes.

No error message is visible in the UI of the ATP appliance.

On the Settings> Global Settings page of the ATP UI, the Synapse correlation is enabled.

The status of the Email Security.cloud correlation is Healthy.

Cause


 

Resolution

To diagnose this matter, please upload logs within the command line interface (CLI) of ATPP, then open a technical case with Symantec Technical Support for assistance.

To upload log evidence

  1. Within the CLI, log in as admin.
  2. Type: gather_logs
  3. When the command is complete, type: bsupport
  4. Copy the UUID from the output of the bsupport command, and paste that into the support case to permit support to locate and process the log evidence.

 

Attachments

ESS Not Correlated.pdf get_app