Virus deleted in Symantec Endpoint Protection still appears as 'Malicious Code Not Quarantined' event in Symantec Security Information Manager v4.x

Article ID: 177347

Products

Security Information Manager

Issue/Introduction

You have run LiveUpdate for the Symantec Endpoint Protection (SEP) Collector, but the event still occurs in Symantec Security Information Manager (SSIM).

Resolution

Save the attached filter.xml file and import it to the Sensor configuration for the SEP Collector.

filter.xml

To import the filter.xml file:

  1. Open the SSIM UI and click System > Product Configuration > Symantec Endpoint Protection Event Collector 4.3 > Your configuration > Filter tab.
  2. Click the Import icon and import the filter.xml file.


The import creates a new filter named "Filter for Details Pending Events". Make sure that the box is selected, then save and distribute the configuration.

If you are using Sybase as the default SEP datastore, please refer to the following document to download a new config.xml file.

Title: After running LiveUpdate for the SEP Collector the collector stops working. config.xml after LU for Sybase datastore
URL: http://service1.symantec.com/support/ent-gate.nsf/docid/2008091508341854



Attachments

filter.xml