cancel
Showing results for 
Search instead for 
Did you mean: 

Event Id: 1053 Event Description: Infected file found.

Jump to solution

We have been getting this alert from a legitimate file. The file also excluded. Action taken shows Allow. Obviously not getting deleted, but its a noise that our SOC team shouldn't be worried about.

Do we know why we are getting this alert?

OS Type - Linux 

ENSL 10.2.2.1320

ENSL 

1 Solution

Accepted Solutions
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Event Id: 1053 Event Description: Infected file found.

Jump to solution

in case anyone else runs across this issue, here is the reason it is happening.

first this is an issue with ensl 10.2.2 only and has been fixed in ensl 10.2.3 and later builds.

the event is generated when the ensl service is stopped/restarted and there are files left in the scan queue.  when ensl was clearing out the queue it incorrectly set a flag on the file which caused the virus alert to get generated.  no actual scan or action is taken on the file when this occurs and is purely a cosmetic issue.  

to fix the issue upgrade ensl to the latest version which is currently 10.6.4.

2 Replies
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Event Id: 1053 Event Description: Infected file found.

Jump to solution

in case anyone else runs across this issue, here is the reason it is happening.

first this is an issue with ensl 10.2.2 only and has been fixed in ensl 10.2.3 and later builds.

the event is generated when the ensl service is stopped/restarted and there are files left in the scan queue.  when ensl was clearing out the queue it incorrectly set a flag on the file which caused the virus alert to get generated.  no actual scan or action is taken on the file when this occurs and is purely a cosmetic issue.  

to fix the issue upgrade ensl to the latest version which is currently 10.6.4.

Highlighted

Re: Event Id: 1053 Event Description: Infected file found.

Jump to solution

Your solution is correct. Since we started upgrading to the latest version, the issue seems to go away.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community