You would like to know what the possible event log entries are and their definition.
Below is a list of events that are logged on the local client and forwarded on to the Symantec Endpoint Protection Manager. Many, but not all, of these events appear in the Windows Application Log.
Raw Event Code
Occurs when antivirus scanning completes.
Occurs when antivirus scanning starts.
Definition File Sent To Server
Occurs when a parent server sends a .vdb file to a secondary server.
Occurs when scanning detects a virus.
Occurs when scanning fails to gain access to a file or directory.
Definition File Loaded
Occurs when Symantec AntiVirus loads a new .vdb file.
Occurs when a checksum error occurs when verifying a digitally signed file.
Occurs when Auto-Protect is not fully operational.
Occurs when a server updates its configurations according to the changes made from the console, excluding configuration changes made in the PRODUCTCONTROL or DOMAINDATA registry keys.
Symantec AntiVirus Shutdown
Occurs when the Rtvscan.exe service is unloaded.
Symantec AntiVirus Startup
Occurs when the Rtvscan.exe service is loaded.
Definition File Download
Occurs when new definitions are downloaded by a scheduled definitions update.
Scan Action Auto-Changed
Occurs when Symantec AntiVirus has deleted or quarantined more than 5 infected files within the last minute. The number of files quarantined or deleted and the time interval are configurable from the registry. The defaults are 5 files in 60 seconds.
Sent To Quarantine Server
Occurs when quarantined files are sent to a Quarantine Server.
Delivered To Symantec Security Response
Occurs when a file is delivered to Symantec Security Response.
Backup Restore Error
Occurs when Symantec AntiVirus cannot back up a file or restore a file from Quarantine.
Occurs when a scan is stopped before it completes. Symantec AntiVirus Auto-Protect.
Occurs when Auto-Protect fails to load.
Symantec AntiVirus Auto-Protect Loaded
Occurs when Auto-Protect loads successfully.
Symantec AntiVirus Auto-Protect Unloaded
Occurs when Auto-Protect is unloaded.
Occurs when a scheduled scan is snoozed/paused (delayed).
Occurs when a snoozed/paused scan is restarted.
Log Forwarding Error
Occurs when there is a problem with the log forwarding process. Also logs when Event and Settings Manager are started.
Occurs when definitions are rolled back.
Occurs when a computer is not protected with definitions.
Occurs when an error occurs with Auto-Protect.
General error. Primarily occurs when a configuration file cannot be read.
Occurs when SymProtect blocks a tamper attempt.
Occurs when a threat is found. This is the first of a series of steps describing the action taken.
Describes an action taken when a threat is found.
Pending Remediation Action
Occurs when Auto-Protect is ready to perform a side-effects repair for adware or spyware.
Failed Remediation Action
Occurs when Auto-Protect fails to perform a successful side-effects repair for adware or spyware.
Successful Remediation Action
Occurs when Auto-Protect performs a successful side-effects repair for adware or spyware.
Occurs when Auto-Protect finishes handling a threat.
Occurs when adware and spyware scans stop.
Occurs when adware and spyware scans start.
Threat Now Whitelisted
The Administrator has added what TruScan previously detected as a threat to the Centralized Exception list, or Symantec has added it to the internal known white listed applications list.
Interesting Process Found Start
TruScan detection start. The first step of a series describing the action taken on the process.
TruScan known applications load error
TruScan component could not be started.
TruScan engine load error
TruScan could not be started.
Interesting Process Found Finish
TruScan detection has finished handling the process.
TruScan operating system not supported
TruScan is enabled, but it is not supported on the platform.
TruScan Detected Threat Now Known
A TruScan process detection is now a confirmed signature-based security risk.
Imported Document ID: TECH105571
Subscribing will provide email updates when this Article is updated. Login is required.