1 Reply Latest reply on Aug 1, 2012 3:43 PM by jstanley

    Event ID 1038

      Our ePO server is getting flooded with Event ID 1038. Depending on what I read this can be anywhere from a cookie to VSE not reporting correctly back to ePO (thus possibly a serious problem). Any help on this would be much appreciated.  Here is a copy of an example Event Log from ePO -



      Server ID:ePolicy
      Event Received Time:7/26/12 7:16:45 PM
      Event Generated Time:7/26/12 7:16:43 PM
      Agent GUID:1A5D4292-0CDE-4B36-9704-829BCFB92203
      Detecting Prod ID (deprecated):VIRUSCAN8800
      Detecting Product Name:VirusScan Enterprise
      Detecting Product Version:8.8
      Detecting Product Host Name:XXXXX
      Detecting Product IPv4 Address:X.X.X.X
      Detecting Product IP Address:X.X.X.X
      Detecting Product MAC Address:
      DAT Version:6784.0000
      Engine Version:5400.1158
      Threat Source Host Name:
      Threat Source IPv4 Address:X.X.X.X
      Threat Source IP Address:X.X.X.X
      Threat Source MAC Address:
      Threat Source User Name:
      Threat Source Process Name:
      Threat Source URL:
      Threat Target Host Name:XXXXXXX
      Threat Target IPv4 Address:X.X.X.X
      Threat Target IP Address:X.X.X.X
      Threat Target MAC Address:
      Threat Target User Name:SYSTEM
      Threat Target Port Number:
      Threat Target Network Protocol:
      Threat Target Process Name:
      Threat Target File Path:
      Event Category:Task ended
      Event ID:1038
      Threat Severity:Critical
      Threat Name:none
      Threat Type:None
      Action Taken:none
      Threat Handled:true
      Analyzer Detection Method:(managed) GEN On Demand


      Message was edited by: mike-cbi on 7/27/12 9:50:24 AM CDT
        • 1. Re: Event ID 1038

          You can filter this out by going to "Menu | Configuration | Server Settings | Event Filtering | Edit" then de-select eventID 1038 and click save and the clients will then stop forwarding that event. If you are actually more interested in finding out why that event is getting generated so much then you should make a post in the VSE group. EPO does not generate the event it is merely reporting that VSE sent up.