2 Replies Latest reply on Apr 20, 2012 3:48 AM by JoeBidgood

    Threat Name: is blank or (-)

    pboedges

      I am seeing very interesting occurrences of this within ePO 4.5.4. When I run the query "VSE: Computers with Threats Detected per Week" I get a large number of events that have no Threat Name or there is only a dash (-). I am seeing an Event Description of "Scan Timed Out". Would this cause these, since the scan was unable to finish, VSE was not able to properly identify the file?

       


        • 1. Re: Threat Name: is blank or (-)

          Same here. I encountered this a lot of times and am still encountering it.

          • 2. Re: Threat Name: is blank or (-)
            JoeBidgood

            This is normal, but potentially confusing.

            The on-access scanner in VSE can be configured to give up if it takes more than a certain time to scan a file. If it does this, it will send a "scan timed out" event back to ePO. There is no threat name associated with this: obviously since the scan did not complete successfully, no specific threat has been identified - so the threat name is shown as a hyphen.

            However, also because the scan did not complete successfully, we do not know for certain that it is clean: the system is therefore alerting you to a file that is potentially a threat, so that you as the administrator can investigate as necessary.

            How you deal with these is your choice: some users investigate files like this and exclude them from scanning if they are satisfied they are benign, some users simply turn off these events in the event filter, some users just ignore them or filter them out of the reports (so that the data is still in the database but doesn't skew their reports.)

             

            HTH -

             

            Joe

            1 of 1 people found this helpful
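
The options in the reply above (investigate the files, or keep the events but stop them skewing reports) can be worked through on exported event data. The following is an added example, not part of the original thread and not McAfee code; the CSV column names and the sample rows are constructed assumptions, not the ePO schema.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names are assumptions, not ePO's schema.
SAMPLE_CSV = """\
system,threat_name,event_description,file_path
PC-01,-,Scan Timed Out,C:\\Data\\archive.zip
PC-01,EICAR test file,File deleted,C:\\Temp\\eicar.com
PC-02,,Scan Timed Out,C:\\Data\\archive.zip
PC-02,-,Scan Timed Out,D:\\Backups\\full.bak
PC-03,-,Scan Timed Out,C:\\Data\\archive.zip
"""


def is_timeout(row):
    """True when no threat was named because the scan gave up on the file."""
    name = (row.get("threat_name") or "").strip()
    desc = (row.get("event_description") or "").strip().lower()
    # Require both conditions: a blank name with any other description
    # stays in the detections list instead of being silently dropped.
    return name in ("", "-") and desc == "scan timed out"


def triage(csv_text):
    """Split events into named detections and a per-file timeout review list."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    timeouts = [r for r in rows if is_timeout(r)]
    detections = [r for r in rows if not is_timeout(r)]

    per_file = Counter(r["file_path"] for r in timeouts)
    systems = {}
    for r in timeouts:
        systems.setdefault(r["file_path"], set()).add(r["system"])

    # Files that time out most often come first: these are the ones to
    # investigate before deciding on an exclusion.
    review = [(path, count, sorted(systems[path]))
              for path, count in per_file.most_common()]
    return detections, review


if __name__ == "__main__":
    detections, review = triage(SAMPLE_CSV)
    print("Named detections for the weekly report:", len(detections))
    for path, count, hosts in review:
        print(f"{count:3d} timeouts  {path}  on {', '.join(hosts)}")
```
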