Symantec Problem with false "Risk found!" alerts

Posted on 2009-02-12
Last Modified: 2013-11-22
I manage our SAV server, and I have about 40 client computers that give a false status of "Risk found!" Upon further investigation, I find that none of the affected computers have any kind of Risk or threat. They are patched fully and are a mixture of Windows 2000 SP4 and Windows XP SP2. If I clear the cache and rediscover, the affected computers have no risk status, but after a few hours the risks show up. I have a total of 3700 client computers and only have trouble with a few.

We are starting our migration to SEP release 4 in March and I'm trying to figure out what's going on.

Any ideas?
Question by: CohKarlHaskins
    LVL 20

    Expert Comment

    Follow these steps:
    Check the clients affected.
    Find the file that is being flagged as infected.
    Examine the file to determine if it's true.
    If you find a file that has been incorrectly flagged as a virus or malware, you can exclude it by using the exclusion list within SSC. If you are infected, then you might have to clean up the affected clients.
    LVL 1

    Author Comment

    I found no files flagged as infected: "Upon further investigation, I find that none of the affected computers have any kind of Risk or threat," as stated above.

    That is what I originally thought I should do.

    Another tech source told me that this may indicate that those PCs need to be rebooted, but I'm not sure that that is the issue. Another computer running console does not display these computers with a risk. I may just install the console in a VM and monitor them from there.
    LVL 2

    Expert Comment

    I have found that sometimes when you clear the risk it does not reflect itself to the client.  I have this occasionally on client machines.  And cleaning the risk log from the client usually takes care of that issue.
    LVL 20

    Accepted Solution

    More questions. Have you removed the client software from the affected machines?
    If it is just happening to a few computers, then it might be worth giving it a test.
    If you want to force the removal using CleanWipe, download it from this link
    Once removed, re-install the SAV client again and monitor.
