4 Replies Latest reply on Apr 7, 2009 7:07 AM by Blaker78

    Affected File: Not Available

      First off I am using epo 4.0 and almost all my systems are running the 4.0 agent as well.

      Lately I have been getting alot of systems on my network that have been producing notifications like the one below that contain no information on the actual virus. So far I am up to about 25 system notifications a day obviously from the same computers.

      Notification Name: Virus Alert
      Source Computer: Not Available
      Affected Computer: XX-X-XXX XX.XX.XX.XX
      Number of infections: 1
      Affected File: Not Available
      Threat Name: Full Scan
      Event Description: Scan found infected files.
      4/2/09 9:56:00 PM

      Virus detected and NOT removed
      VirusScan
      4
      1038
      4/2/09 9:56:00 PM
      Directory
      My Organization
      Virus detected (heuristic) and NOT removed, Virus detected and NOT removed McAfee Agent, VirusScan
      (Any)

      I have an idea what the virus is but it appears to be a false positive. I have run Malwarebytes on a few of the systems that produce this notification and get 3 viruses relating to Disabled.SecurityCenter. The items are located in the registry here
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisabledNotifiy
      FirewallDisableNotify
      and UpdateDisableNotify

      My first question is why would I be getting "Affected File: Not Available" on any notification? And secondly why in the last 2 weeks or so are these notifications poping up for the Security Center? Thirdly could I put these into the unwanted programs policy?

      Now mind you take into consideration I am getting these notifications but the user is not recieving a pop up window stating they have a virus. No one would even know about this if I didnt have the notification logs coming to me.

      any help would be greatly appreciated.