1 2 Previous Next 13 Replies Latest reply on Aug 8, 2010 10:07 PM by obelicks

    Real time analyzer show numbers instead attack name

    aacordoba

      Hi eveyone.

       

      Today when I connect to my NSP Manager, I see two alerts that only shows numbers instead of the name of the attack.

      The problem only happend with this two alerts, but now I have this alert (a high one) with a LOT of attacks from somes IP, my support staff is now cheking this system, but I want to know what is this alert.

       

      Here I attached some screenshots of this problem, If anyone know what is this alert or why is this happend and how solve this issue.

      Thanks in advanced...

      alerts1.jpg

       

      alerts2.jpg

        • 1. Re: Real time analyzer show numbers instead attack name

          i've had this happen to me on occasions. i don't have a clear cut answer for you, but some tidbits that might help are..

           

          1) if the numbers are showing up, double click the attack, then click on 'attack description' to find out what it is. that should at least get you moving while this gets resolved.

          2) when this has happened to me, i left the alert analyzer open, and it resolved the attack ID to name without any interaction after maybe 5-10 minutes.

           

          like i said, i don't know what causes this, but i have seen it on both 4.1 and 5.1 that i am currently running.

           

          jim

          • 2. Re: Real time analyzer show numbers instead attack name

            I was told this problem is due Java temporary files not being cleaned up on the system where you are running your NSM GUI.  And there are a few issues involving Java on your GUI system but to resolve this one follow these steps.

             

             

            1.  Close all Internet Explorer sessions on your workstation where you run the McAfee NSM GUI..


            2 .  Using Windows Explorer, navigate to C:\Documents and Settings\your userid\McAfee.


            a.        There are a few sub-directories under McAfee but tech support suggests deleting the whole McAfee directory.


            b.        This may not be work because a log file in one of the sub-directories may still be assigned to McAfee desktop security stuff.   In any case, continue with the next step.


            3.  Open the Control Panel and open the Java item.


            a.        In the Java Control Panel, under the General tab, go down to the “Temporary Internet Files” and click on Settings.


            b.        Click on the Delete Files button.


            c.         When it is done, click OK’s to back out.


            4.        Open ISM Manager and the Threat Analyzer.  The problems should be resolved until next time.

             

             

             

            Message was edited by: NoMN on 4/1/10 8:54:43 AM CDT
            • 3. Re: Real time analyzer show numbers instead attack name

              one more java tweak that folks might find useful:

               

              open the java control panel -> java -> view JRE settings

               

              under runtime parameters you can put -Xmx300m specifying more memory to be available to java.

              • 4. Re: Real time analyzer show numbers instead attack name

                Yes, it helps but only in that you won't have to delete the temp files as often, depending on the workstation system you are using.

                 

                 

                Message was edited by: NoMN on 4/1/10 9:06:44 AM CDT
                • 5. Re: Real time analyzer show numbers instead attack name
                  aacordoba

                  Hi, thanks for your answer.

                   

                  When I try to watch de attack description I can´t and only see an error.

                   

                  I try deleting all files of java, and increasing the memory in java and I still get those numbers instead of attack name...

                  I will try to upgrade to the last version of 5.x NSP Manager..

                   

                  If anyone know how solve this issue..

                  Thanks in advanced

                   

                   

                  Message was edited by: aacordoba on 4/5/10 9:26:50 AM GMT-06:00
                  • 6. Re: Real time analyzer show numbers instead attack name
                    SGROSSEN

                    This actually is a known issue.. the latest available NSM from our download server (5.1.11.22) should address this.   After you install, make sure you do a complete reboot of the system, and you should be good to go.

                    • 7. Re: Real time analyzer show numbers instead attack name
                      aacordoba

                      Hi Steve.

                       

                      I just upgrade to 5.1.11.22, and restert the server, but these two alarms continue showing only the numbers and when I try to see the atack description shome an error.

                      Another engeener tell me that follow this KB to solve this issue, KB57814

                       

                      But after delete all the signatures and download again, the problem continue.

                       

                      Thanks in advanced for your help!

                      • 8. Re: Real time analyzer show numbers instead attack name
                        SGROSSEN

                        Interesting.  If this if for just a couple attacks listed in your Real Time Analayzer, then I have not seen this issue before.   You might try doing a dbtune or a purge on your DB.   Also, sometimes it take a bit for the alerts to scroll out of the DB, and new alerts will list fine.

                         

                        If the DB doesn't start behaving after a db tune and or purge, I would open up a case and have it investigated further.   Contact info below for opening a case;

                         

                        McAfee Prime Support Technical Support: 1.800.338.8754

                        • 9. Re: Real time analyzer show numbers instead attack name

                          I have seen this occur if you create User Defined Signatures (UDS), trigger on some alerts, then delete the signatures.

                          1 2 Previous Next