Symantec 10.1.7.7000 Problem with false "Risk found!" alerts

Karl Haskins asked
Last Modified: 2013-11-22
I manage our SAV server, and I have about 40 client computers that give a false status of "Risk found!" Upon further investigation, I find that none of the affected computers have any kind of Risk or threat. They are patched fully and are a mixture of Windows 2000 SP4 and Windows XP SP2. If I clear the cache and rediscover, the affected computers have no risk status, but after a few hours the risks show up. I have a total of 3700 client computers and only have trouble with a few.

We are starting our migration to SEP release 4 in March and I'm trying to figure out what's going on.

Any ideas?

CERTIFIED EXPERT

Commented:
Follow these steps:
Check the clients affected.
Find the file that is being flagged as infected.
Examine the file to determine if it's true.
If you find a file that has been incorrectly flagged as a virus or malware, you can exclude it by using the exclusion list within SSC. If you are infected, then you might have to clean up the affected clients.
 
Karl Haskins, Sr. Technology Specialist - Asset Management

Author

Commented:
I found no files flagged as infected: "Upon further investigation, I find that none of the affected computers have any kind of Risk or threat." as stated above.

That is what I originally thought I should do.

Another tech source told me that this may indicate that those PCs need to be rebooted, but I'm not sure that that is the issue. Another computer running console does not display these computers with a risk. I may just install the console in a VM and monitor them from there.
I have found that sometimes when you clear the risk it does not reflect itself to the client.  I have this occasionally on client machines.  And cleaning the risk log from the client usually takes care of that issue.
CERTIFIED EXPERT
Commented:
More questions. Have you removed the client software from the affected machines?
If it is just happening to a few computers, then it might be worth giving it a test.
If you want to force the removal using CleanWipe, download it from this link:
 http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Symantec/Q_23798519.html
 
Once removed, re-install the SAV client again and monitor.
