cancel
Showing results for 
Search instead for 
Did you mean: 
mcdave
Level 10
Report Inappropriate Content
Message 1 of 5

false positives in "Failed Product Updates in the Last 24 Hours" query

It looks like this query reports many false positives?

example:

Agent GUID:     C942CDBE-3783-416B-B822-95C720F51E2A

Event ID:     2402

Severity:     Critical

Received UTC:     8/30/12 7:05:41 AM

Detected UTC:     8/30/12 7:03:08 AM

Host Name:     PC-X

User Name:     userX

IP Address:     10.11.12.13

Product Code:     VIRUSCAN8700

Version:     6819.0000

SP HotFix:    

Extra DAT Names:    

Event Type:     DAT

Error Code :     Deployment/Update Successful

Locale:    

Site Name:     ePOSA_EPO01

Initiator ID:     EPOAGENT3000

Initiator Type:     UpdateTask

This event reports error code "Deployment/Update Successful" ?

What is wrong here? is this realy a false possitive?

regards

Dave

4 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: false positives in "Failed Product Updates in the Last 24 Hours" query

That's certainly strange - the event ID is the thing we're really interested in, and 2402 is definitely the ID for "update failed." (Update successful is 2401, which most users filter out.)

Have you got other events with ID 2402 that are described as Update Failed? Or are they all Update Successful?

Thanks -

Joe

mcdave
Level 10
Report Inappropriate Content
Message 3 of 5

Re: false positives in "Failed Product Updates in the Last 24 Hours" query

it's a mix.
See here the results of 1 day:

Event ID    Product Code    Version    System Name    Detected UTC    Error Code

2402    GROUPSHD7000    HF616318    VEX12    8/29/12 11:03:14 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC14    8/29/12 11:01:11 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC11    8/29/12 11:03:29 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC13    8/29/12 11:01:15 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/29/12 11:05:39 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/29/12 11:03:22 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC12    8/29/12 11:06:18 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/29/12 11:08:31 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM14    8/29/12 11:09:36 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/29/12 11:12:11 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/29/12 11:09:09 PM    Deployment/Update Successful

2402    EPOAGENT3000        PCTIFR13    8/29/12 11:13:08 PM    Update not started

2402    GROUPSHD7000    HF616318    PCEXM13    8/29/12 11:13:37 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/29/12 11:11:12 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/29/12 11:02:37 PM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 12:01:35 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC13    8/30/12 12:01:16 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM14    8/30/12 12:04:08 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 12:04:41 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 12:05:12 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 12:07:11 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    TTWSRVEX12    8/30/12 12:06:13 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC12    8/30/12 12:08:18 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC11    8/30/12 12:05:29 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 12:07:12 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 12:10:24 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC14    8/30/12 12:12:14 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCPRC21    8/30/12 12:11:55 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 12:17:32 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM14    8/30/12 1:01:10 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC12    8/30/12 1:01:18 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 1:06:12 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 1:03:16 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 1:08:26 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC14    8/30/12 1:06:12 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC11    8/30/12 1:09:30 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 1:06:35 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 1:06:15 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 1:10:35 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 1:11:13 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    VEX12    8/30/12 1:09:14 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC13    8/30/12 1:11:15 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCE2E17    8/30/12 2:02:51 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC11    8/30/12 2:04:30 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC111184    8/30/12 2:04:18 AM    Updates failed as script download error occured

2402    GROUPSHD7000    HF616318    PC13    8/30/12 2:05:16 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCE2E11    8/30/12 2:03:42 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 2:01:35 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 2:01:15 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCDSA35    8/30/12 2:05:13 AM    Updates failed as script download error occured

2402    GROUPSHD7000    HF616318    VEX12    8/30/12 2:06:14 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC12    8/30/12 2:08:18 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC14    8/30/12 2:06:12 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC513351    8/30/12 2:04:38 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCCED11    8/30/12 2:08:42 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 2:08:36 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 2:09:14 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 2:09:19 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 2:12:28 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC114823    8/30/12 2:11:35 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM14    8/30/12 2:12:12 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCBTL11    8/30/12 2:16:38 AM    Updates failed as script download error occured

2402    VIRUSCAN8700    68.190.000    PC513956    8/30/12 2:13:31 AM    Updates failed as script download error occured

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 2:13:15 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCDSA13    8/30/12 2:17:21 AM    Updates failed as script download error occured

2402    VIRUSCAN8600    68.190.000    PCDLC12    8/30/12 2:16:18 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 3:02:16 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC14    8/30/12 3:04:12 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC13    8/30/12 3:01:16 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 3:01:38 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM11    8/30/12 3:07:20 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 3:05:16 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    VEX12    8/30/12 3:08:14 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC11    8/30/12 3:09:30 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 3:08:36 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM13    8/30/12 3:07:18 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PC12    8/30/12 3:09:18 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM14    8/30/12 3:12:13 AM    Deployment/Update Successful

2402    GROUPSHD7000    HF616318    PCEXM12    8/30/12 3:14:29 AM    Deployment/Update Successful

2402    ENTERCPT6100    8.0.0.4517    PC11178    8/30/12 3:31:01 AM    Deployment/Update process encountered an unknown error

2402    EPOAGENT3000        PCDBP73    8/30/12 3:24:25 AM    Deployment/Update process encountered an unknown error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:19:28 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:20:19 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:28:01 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:33:38 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:40:56 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:41:37 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:47:58 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 2:59:41 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 3:10:42 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 3:28:30 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDSA44    8/30/12 3:37:22 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/29/12 11:04:25 PM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/29/12 11:11:14 PM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/29/12 11:23:25 PM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/29/12 11:41:21 PM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/29/12 11:51:49 PM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 12:12:06 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 12:13:26 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 12:21:50 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 12:30:14 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 2:22:23 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 2:49:57 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 3:33:08 AM    Updates failed due to a file verification error

2402    VIRUSCAN8600    68.190.000    PCDIT15    8/30/12 3:49:31 AM    Updates failed as script download error occured

2402    ENTERCPT6100    8.0.0.4517    PC11178    8/30/12 4:01:31 AM    Deployment/Update process encountered an unknown error

2402    VIRUSCAN8700    68.190.000    PC115772    8/30/12 4:34:33 AM    Updates failed as script download error occured

2402    VIRUSCAN8700    68.190.000    PC114181    8/30/12 4:36:39 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCDLC12    8/30/12 4:51:05 AM    Deployment/Update Successful

2402    EPOAGENT3000        PC12    8/30/12 5:06:06 AM    Deployment/Update process encountered an unknown error

2402    EPOAGENT3000        PC111439    8/30/12 5:57:42 AM    Deployment/Update process encountered an unknown error

2402    VIRUSCAN8600    68.190.000    PCCED11    8/30/12 6:03:40 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC513956    8/30/12 6:03:29 AM    Updates failed as script download error occured

2402    VIRUSCAN8600    68.190.000    PCDSA13    8/30/12 6:08:11 AM    Updates failed as script download error occured

2402    VIRUSCAN8700    68.190.000    PC513351    8/30/12 6:08:08 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC111184    8/30/12 6:06:09 AM    Updates failed as script download error occured

2402    VIRUSCAN8600    68.190.000    PCDLC12    8/30/12 6:09:08 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC7768    8/30/12 6:11:19 AM    Deployment/Update Successful

2402    VIRUSCAN8600    68.190.000    PCBTL11    8/30/12 6:18:38 AM    Updates failed as script download error occured

2402    VIRUSCAN8600    68.190.000    PCDSA35    8/30/12 6:18:15 AM    Updates failed as script download error occured

2402    VIRUSCAN8700    68.190.000    PC144    8/30/12 6:29:10 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC111918    8/30/12 6:42:46 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC111334    8/30/12 7:03:08 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC112488    8/30/12 7:08:33 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC112515    8/30/12 7:25:22 AM    Deployment/Update Successful

2402    VIRUSCAN8700    %%NewEngineVersion%%    PC112221    8/30/12 7:29:01 AM    Deployment/Update Successful

2402    VIRUSCAN8700    68.190.000    PC112221    8/30/12 7:29:01 AM    Deployment/Update Successful

2402    EPOAGENT3000        PC13    8/30/12 7:39:00 AM    Deployment/Update process encountered an unknown error

2402    ENTERCPT6100    8.0.0.4517    PC11178    8/30/12 8:07:33 AM    Deployment/Update process encountered an unknown error

2402    VIRUSCAN8700    68.190.000    PC111931    8/30/12 8:15:52 AM    Updates failed as script download error occured

2402    EPOAGENT3000        PCWSL16    8/30/12 8:31:05 AM    Deployment/Update process encountered an unknown error

2402    VIRUSCAN8600    68.190.000    PCDLC12    8/30/12 8:37:08 AM    Deployment/Update Successful

2402    EPOAGENT3000        PCDBP41    8/30/12 8:54:55 AM    Deployment/Update process encountered an unknown error

2402    EPOAGENT3000        PC14    8/30/12 9:03:12 AM    Deployment/Update process encountered an unknown error

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: false positives in "Failed Product Updates in the Last 24 Hours" query

That's really not something I've seen before, or would expect

This is one where I'd recommend opening a case with support - we'll need to see your database and probably need to capture some events from the client machines.

Thanks -

Joe

mcdave
Level 10
Report Inappropriate Content
Message 5 of 5

Re: false positives in "Failed Product Updates in the Last 24 Hours" query

thx for the feedback.

I've opened a case at support.