Virus deleted in Symantec Endpoint Protection still appears as 'Malicious Code Not Quarantined' event in Symantec Security Information Manager v4.x


Article ID: 177347


Updated On:


Security Information Manager


You have run LiveUpdate for the Symantec Endpoint Protection (SEP) Collector, but the event still occurs in Symantec Security Information Manager (SSIM).


Save the attached filter.xml file and import it to the Sensor configuration for the SEP Collector.


To import filter.xml file:

  1. Open the SSIM UI and click System > Product Configuration > Symantec Endpoint Protection Event Collector 4.3 > Your configuration > Filter tab.
  2. Click the Import icon and import the filter.xml file.

It will create a new filter named Filter for Details Pending Events. Make sure that the box is selected, then save and distribute the configuration.

If you are using Sybase as the default SEP datastore, please refer to the following document to download a new config.xml file.

Title: After running LiveUpdate for the SEP Collector the collector stops working. config.xml after LU for Sybase datastore


filter.xml get_app