Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Weird Alert Message

Status
Not open for further replies.
bigboy2

bigboy2

IS-IT--Management
Dec 16, 2002
7
0
0
IL
Hello,

I'm getting this error message very often from different comupters over the network:

"the file xxxxxx is infected with '_' Known Virus. Detected with Scan Engine 4.1.60 DAT Version 4.0.4237. ( FROM PC101 IP xxx.xxx.xxx.xxx user SYSTEM running VirusScan '_' OAS)


anyone has any idea what does that mean ? and how can i avoid having those alerts ?
 
Sort by date Sort by votes
Hi

Looks like you have activated Alert Manager on your workstations to send a Network Message.

Check your VisrusScan config and turn it off on your NetShield / Alert Manager.

Cheers
AVDude
 
Upvote 0 Downvote
Hello again,

Yeah, I did activate Alert Manager, but what i'm asking about is the - '_' Known Virus - What does that mean ?

It's not really a virus but I get a lot of those messages.
 
Upvote 0 Downvote
Ok

You need to check the log on the machine that sends the alert. It could be a virus detected generecally or heuristically. IE, no name can be fitted on the virus code.

Cheers
AVDude
 
Upvote 0 Downvote
Hello again,

I've checked, and on all computers which sent that alert the heuristics and macro scanning is not enabled.

what causes this message ? How do i disable it ?
 
Upvote 0 Downvote
Hello,

You were probably right AVDude. Now my problem is setting the " enable heuristics scanning " off on all the computers on the network. I plan to do that via a script on the netlogon which will change the registry, but when i changed it, i saw it didn't take effect.

(I changed the 2 values concerning the heuristics scanning in the on acces key in the registry)

Is there something else i should do ?
 
Upvote 0 Downvote
Hi

You might want to think about that they could alert on a real virus.
Run on demand scan and take a look in the logs to make sure that your clients are virus free.
That should be of more concern than any network messages.

Bare in mind that heuristics gives you that extra protective layer.

Are you running ePO? If not, that config change would be a piece of cake.

Cheers
AVDude
 
Upvote 0 Downvote
Hello Again,

I'm not working with ePO. How do i disable only the heuristics scanning on each computer without entering the advanced window ? ( by changing the registy maybe )
 
Upvote 0 Downvote
Hi

Probably some tweaking in the registry. I'm running ePO myself so I have never gone that way.

Cheers
AVDude
 
Upvote 0 Downvote
Suggest you install VS 4.51 SP1 or NS 4.5 SP1. This ScanArchiveTimeout should be addressed there. If not, if you can access the NAI Knowledge Base, I believe they have a registry fix for this.

HTH,
AVChap
... take my advice, I don't use it anyway!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

desrose
  • Locked
  • Question
snort rules alert for maximum tcp connection of 10
Replies
1
Views
52
kjv1611
kjv1611
kzn
  • Locked
  • Question
Error communicating with Firebox 10.0.0.1. IO_ERROR: Message processing timeout. Please try again
Replies
2
Views
62
kzn
kzn
akacommie
  • Locked
  • Question
Text Message and Mobile Email Encyption Product
Replies
0
Views
25
akacommie
akacommie
acollard83
  • Locked
  • Question
PIX 515e Unrestricted Weird Issue
Replies
1
Views
20
acollard83
acollard83
kholladay
  • Locked
  • Question
VPN Tunnel causes IP spoof dropped message
Replies
0
Views
24
kholladay
kholladay

Part and Inventory Search

Sponsor

Back
Top