Solved

How to remove Risk Found! from Symantec AntiVirus primary server?

Posted on 2008-10-30
6
1,396 Views
Last Modified: 2013-12-09
We have Symantec AntiVirus corporate (10.1.6.6000) I haven't had any experience managing it, though now I have that task. I have opened up Symantec System Centre on the primary server (we have only 1 antivirus server) and it shows Risk Found! for the primary server. This is also a Domino server and runs Symantec Mail Security for Domino. Attempting anything in System Centre gives an error about being unable to find the server (itself). Would really appreciate some guidance to deal with this issue.
0
Comment
Question by:cameronsaa
  • 4
  • 2
6 Comments
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 22855660
was the virus found in the server or was the virus found in one of the clients that the server manages?
try restarting the server running the sav for exchange and try again.

0
 
LVL 20

Expert Comment

by:jimmymcp02
ID: 22862741
or youcan right click on the client that is show as infected then there is an option that say clear risk status....that will make the client not show up as infected but you still need to make sure the file was succesfully quarentine or deleted
0
 

Author Comment

by:cameronsaa
ID: 22864655
@jimmymcp02: Thanks for replying. No, no clients were showing as infected. btw its sav for Domino, not Exchange. The server itself showed with the Risk Found!. Scan of the server comes up clean.

Management console running on the server can't contact the server. Server still seems to be downloading and pushing out updates to clients ok.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 20

Expert Comment

by:jimmymcp02
ID: 22864675
>>Management console running on the server can't contact the server. Server still seems to be downloading and pushing out updates to clients ok.

That should not happen....look at your event logs perhaps and upadate was installed and it requireds a reboot in order to take effect.
0
 

Author Comment

by:cameronsaa
ID: 22872714
The server reboots daily.
There are a bunch of warnings in the app log: Could not scan 1 files inside <file path> due to extraction errors encountered by the Decomposer Engines.
Event ID: 6
Source: Symantec AntiVirus

I updated definitions on a client (to 3/11/08) and find that the server is still on an older set (2/11/08), that shouldn't be either I don't think!

Hopefully its just a misconfiguration and we haven't been pwned!
0
 
LVL 20

Accepted Solution

by:
jimmymcp02 earned 500 total points
ID: 22952436
Ok thanks for clarify.

as for the could not scan 1 file you will see that when the scan tries to scan zip files that contain exe. (most of the time is the virus def folders or databases) in which case you dont have to worry but you should double check your scan settings to make sure its setup propertly there are certain folders and files that need to be excluded from scans.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

So you got the Conficker. You could go to each machine and run the eye chart test (http://www.confickerworkinggroup.org/infection_test/cfeyechart.html), but in a bigger environment, or if you prefer to work smarter and not harder, you need some …
PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now