Eicar test event data missing from the SEPM - data is seen on the client systems

Article ID: 279367

Updated On:

Products

Endpoint Security

Issue/Introduction

EICAR test detection events appear in the local SEP client logs and in the client user interface, but the data does not appear at the SEPM in reports or in any other risk data.

Cause

By default, EICAR event data is not kept.

Resolution

In the Symantec Endpoint Protection Manager console, go to Admin > Servers, select the database server, and click Edit Database Properties. Uncheck the option "Delete EICAR events".

This option is likely checked, which would explain why the EICAR events are not seen on the server.