Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 2

Fields In Queries From Threat Tables Not Populated With Data


When I use a Dashboard monitor to display threats then click the displayed event or manually run a query to examine the details of a threat such as:

Host IPS: Desktop High Triggered Signatures - "Msgina registry key modified" (as an example), there will be some if not all results in the table for which certain fields are blank: System Name, MAC address, User Name, for instance.

So I can have say, 5 machines that have reported a vulnerability, and all 5 can be the same machine, and when I click that vulnerability to display the Threat Log tables, one entry is blank for the fields I've listed (there are other blank fields too but this is just representative);

OR, I can have multiple machines with the same vulnerability and all of them contain certain blank fields;

OR, I can have multiple machines with the same vulnerability - some entries have populated data fields, some entries contain fields that are blank.

When I click on any of the displayed line items, whether there are blank fields or not, the Threat Log Details table displays ALL the data.

Another symptom of this is that in the System Details view, there will be no Related Items bar at the bottom of the Host IPS 8.0 Even Information box and no "Go to related system" link - but ONLY for entries in the table with blank fields.

  This started happening when I updated ePO from

While I'm at it, I have a peristant blank entry in the table (monitor) "Threat Event Descriptions in the last 24hrs" on my Dashboard. It went incognito after the update; this blank trickles down to the System Tree view dashboard for individual machines too. I use the "Threat Event Descriptions in the last 24 hours" as one of my monitors.

Anyone seen this or similar results?

1 Reply
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 2

Re: Fields In Queries From Threat Tables Not Populated With Data

Here's a similar symptom I've been able to not resolve, but to at least identify the cause for:

In my dashboard, I am posting Threat Events in the Past 24 Hours. Since updating ePO from to there is always one line of threat descriptions that is blank. I can click on it and display the table of events, but I had no idea what the "Threat" was.

I finally figured it out. It is Event ID: 18000. If I go to Menu>Server Settings>Event Filter to look up the code, its not there. That is why the line item in my monitor is blank. Event ID: 18000 is supposed to be "HIPS Intrusion Detected and Handled". It USED to show up before I updated my ePO. I see this on two separate ePO servers running on two separate domains.

I just love my McAfee!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community