Showing results for 
Search instead for 
Did you mean: 

PortalShield 2.0 SP1 not reporting enough info to ePO 4.0

We have recently added Portal Shield to report events to our ePO, and the events get generated appropriately.  The problem we are having is that when an incident is reported, there is not very much information in the actual event.  I get the following:

Threat Source Process Name

Threat Target User Name (which is always NT Authority\System)

Threat Target File Path (provides executable but not full path)

Event ID

Threat Severity

Threat Name

Threat Type

Action Taken

Threat Handled

Event Description

These are all fine, except it doesn't provide the name of the actual authenticated user, source IP address, source hostname, or full path name.  We are able to find this information in the SharePoint logs in C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs folder.  Just wondering if there was a way to get this information put into the alert that is generated to avoid having to check multiple log files.  This information does not show up under Portal Shield on the SharePoint as well.  Anyone else come across this issue?

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community