Showing results for 
Search instead for 
Did you mean: 

Event ID 1038

Our ePO server is getting flooded with Event ID 1038. Depending on what I read this can be anywhere from a cookie to VSE not reporting correctly back to ePO (thus possibly a serious problem). Any help on this would be much appreciated.  Here is a copy of an example Event Log from ePO -

Server ID:ePolicy
Event Received Time:7/26/12 7:16:45 PM
Event Generated Time:7/26/12 7:16:43 PM
Agent GUID:1A5D4292-0CDE-4B36-9704-829BCFB92203
Detecting Prod ID (deprecated):VIRUSCAN8800
Detecting Product Name:VirusScan Enterprise
Detecting Product Version:8.8
Detecting Product Host Name:XXXXX
Detecting Product IPv4 Address:X.X.X.X
Detecting Product IP Address:X.X.X.X
Detecting Product MAC Address:
DAT Version:6784.0000
Engine Version:5400.1158
Threat Source Host Name:
Threat Source IPv4 Address:X.X.X.X
Threat Source IP Address:X.X.X.X
Threat Source MAC Address:
Threat Source User Name:
Threat Source Process Name:
Threat Source URL:
Threat Target Host Name:XXXXXXX
Threat Target IPv4 Address:X.X.X.X
Threat Target IP Address:X.X.X.X
Threat Target MAC Address:
Threat Target User Name:SYSTEM
Threat Target Port Number:
Threat Target Network Protocol:
Threat Target Process Name:
Threat Target File Path:
Event Category:Task ended
Event ID:1038
Threat Severity:Critical
Threat Name:none
Threat Type:None
Action Taken:none
Threat Handled:true
Analyzer Detection Method:(managed) GEN On Demand

Message was edited by: mike-cbi on 7/27/12 9:50:24 AM CDT
1 Reply
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Event ID 1038

You can filter this out by going to "Menu | Configuration | Server Settings | Event Filtering | Edit" then de-select eventID 1038 and click save and the clients will then stop forwarding that event. If you are actually more interested in finding out why that event is getting generated so much then you should make a post in the VSE group. EPO does not generate the event it is merely reporting that VSE sent up.