

Symantec Problem with false "Risk found!" alerts

Posted on 2009-02-12
Medium Priority
Last Modified: 2013-11-22
I manage our SAV server, and I have about 40 client computers that give a false status of "Risk found!" Upon further investigation, I find that none of the affected computers have any kind of Risk or threat. They are patched fully and are a mixture of Windows 2000 SP4 and Windows XP SP2. If I clear the cache and rediscover, the affected computers have no risk status, but after a few hours the risks show up. I have a total of 3700 client computers and only have trouble with a few.

We are starting our migration to SEP release 4 in March and I'm trying to figure out what's going on.

Any ideas?
Question by:CohKarlHaskins

Expert Comment

ID: 23635038
Follow these steps:
Check the clients affected.
Find the file that is being flagged as infected.
Examine the file to determine if it's true.
If you find a file that has been incorrectly flagged as a virus or malware, you can exclude it by using the exclusion list within SSC. If you are infected, then you might have to clean up the affected clients.

Author Comment

ID: 23635722
I found no files flagged as infected: "Upon further investigation, I find that none of the affected computers have any kind of Risk or threat," as stated above.

That is what I originally thought I should do.

Another tech source told me that this may indicate that those PCs need to be rebooted, but I'm not sure that that is the issue. Another computer running the console does not display these computers with a risk. I may just install the console in a VM and monitor them from there.

Expert Comment

ID: 23639138
I have found that sometimes when you clear the risk it does not reflect itself to the client. I have this occasionally on client machines. And cleaning the risk log from the client usually takes care of that issue.

Accepted Solution

jimmymcp02 earned 1500 total points
ID: 23646306
More questions. Have you removed the client software from the affected machines?
If it is just happening to a few computers, then it might be worth giving it a test.
If you want to force the removal using CleanWipe, download it from this link
Once removed, re-install the SAV client again and monitor.
