i've had this happen to me on occasions. i don't have a clear cut answer for you, but some tidbits that might help are..
1) if the numbers are showing up, double click the attack, then click on 'attack description' to find out what it is. that should at least get you moving while this gets resolved.
2) when this has happened to me, i left the alert analyzer open, and it resolved the attack ID to name without any interaction after maybe 5-10 minutes.
like i said, i don't know what causes this, but i have seen it on both 4.1 and 5.1 that i am currently running.
I was told this problem is due Java temporary files not being cleaned up on the system where you are running your NSM GUI. And there are a few issues involving Java on your GUI system but to resolve this one follow these steps.
1. Close all Internet Explorer sessions on your workstation where you run the McAfee NSM GUI..
2 . Using Windows Explorer, navigate to C:\Documents and Settings\your userid\McAfee.
a. There are a few sub-directories under McAfee but tech support suggests deleting the whole McAfee directory.
b. This may not be work because a log file in one of the sub-directories may still be assigned to McAfee desktop security stuff. In any case, continue with the next step.
3. Open the Control Panel and open the Java item.
a. In the Java Control Panel, under the General tab, go down to the “Temporary Internet Files” and click on Settings.
b. Click on the Delete Files button.
c. When it is done, click OK’s to back out.
4. Open ISM Manager and the Threat Analyzer. The problems should be resolved until next time.
one more java tweak that folks might find useful:
open the java control panel -> java -> view JRE settings
under runtime parameters you can put -Xmx300m specifying more memory to be available to java.
Yes, it helps but only in that you won't have to delete the temp files as often, depending on the workstation system you are using.
Hi, thanks for your answer.
When I try to watch de attack description I can´t and only see an error.
I try deleting all files of java, and increasing the memory in java and I still get those numbers instead of attack name...
I will try to upgrade to the last version of 5.x NSP Manager..
If anyone know how solve this issue..
Thanks in advanced
This actually is a known issue.. the latest available NSM from our download server (22.214.171.124) should address this. After you install, make sure you do a complete reboot of the system, and you should be good to go.
I just upgrade to 126.96.36.199, and restert the server, but these two alarms continue showing only the numbers and when I try to see the atack description shome an error.
Another engeener tell me that follow this KB to solve this issue, KB57814
But after delete all the signatures and download again, the problem continue.
Thanks in advanced for your help!
Interesting. If this if for just a couple attacks listed in your Real Time Analayzer, then I have not seen this issue before. You might try doing a dbtune or a purge on your DB. Also, sometimes it take a bit for the alerts to scroll out of the DB, and new alerts will list fine.
If the DB doesn't start behaving after a db tune and or purge, I would open up a case and have it investigated further. Contact info below for opening a case;
McAfee Prime Support Technical Support: 1.800.338.8754
I have seen this occur if you create User Defined Signatures (UDS), trigger on some alerts, then delete the signatures.