1 Reply Latest reply: Apr 1, 2013 10:29 AM by Kary Tankink RSS

    Events with "Agent was unable to send advanced details"

    greatscott

      Has anyone ever experienced events with the advanced parameter displaying the error "Agent was unable to send advanced details - too much data to display"?  Here is a sample event below. Is anyone aware of the underlying issue that causes this message to be displayed?

       

       

      Server ID:XXXX
      Event Received Time (UTC):3/7/13 6:58:41 PM
      Event Generated Time (UTC):3/7/13 5:36:38 PM
      Agent GUID:408CEF64-8754-462B-8D67-198B15C4B06F
      Detecting Prod ID (deprecated):HOSTIPS_8000
      Detecting Product Name:McAfee Host Intrusion Prevention
      Detecting Product Version:8.0.0
      Detecting Product Host Name:XXXXX
      Detecting Product IPv4 Address:XXXXXX
      Detecting Product IP Address:XXXXXXXXXXXXX
      Detecting Product MAC Address:XXXXXXXXXXXXXX
      DAT Version:
      Engine Version:
      Threat Source Host Name:
      Threat Source IPv4 Address:XXXXXXXXXXXX
      Threat Source IP Address:XXXXXXXXXXXX
      Threat Source MAC Address:
      Threat Source User Name:domain\user
      Threat Source Process Name:C:\WINDOWS\EXPLORER.EXE
      Threat Source URL:file:///C:\WINDOWS\EXPLORER.EXE
      Threat Target Host Name:XXXXXXXXXXXX
      Threat Target IPv4 Address:XXXXXXXXXXXX
      Threat Target IP Address:XXXXXXXXXXXXXX
      Threat Target MAC Address:XXXXXXXXXXXXX
      Threat Target User Name:
      Threat Target Port Number:
      Threat Target Network Protocol:
      Threat Target Process Name:
      Threat Target File Path:
      Event Category:File system
      Event ID:18000
      Threat Severity:Information
      Threat Name:4001
      Threat Type:read,execute
      Action Taken:Permitted
      Threat Handled:false
      Analyzer Detection Method:

       

       

       

      ePO Reachable True
      Executable file description WINDOWS EXPLORER
      Executable fingerprint 8b88ebbb05a0e56b7dcc708498c02b3e
      In Trusted Network Unknown
      Subject Distinguished Name CN=MICROSOFT WINDOWS, OU=MOPR, O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US
      Subject Organization Name MICROSOFT CORPORATION
      Warning Note Agent was unable to send advanced details - too much data to display.
      Workstation Name XXXXXXXXXXXXXX

       

      Message was edited by: greatscott on 3/29/13 11:37:51 AM CDT

       

      Message was edited by: greatscott on 3/29/13 11:38:22 AM CDT