Catch All - Symantec AntiVirus

Classification

Rule Name	Rule Type	Common Event	Classification
Catch All - Symantec AntiVirus	Base Rule	General Symantec AntiVirus Information	Information
EVID 2 : Scan Complete	Sub Rule	Scan Complete	Other Audit Success
EVID 3 : Scan Started	Sub Rule	Scan Started	Information
EVID 6 : Error	Sub Rule	Anti-Virus Error Message	Error
EVID 7 : New Virus File Downloaded	Sub Rule	File Download	Information
EVID 12 : Symantec Endpoint Protection	Sub Rule	General Symantec AntiVirus Information	Information
EVID 13 : Shutdown Successful	Sub Rule	System Startup Or Shutdown Activity	Startup and Shutdown
EVID 14 : Startup Successful	Sub Rule	System Startup Or Shutdown Activity	Startup and Shutdown
EVID 16 : New File Request Successful	Sub Rule	Request Approved	Other Audit Success
EVID 21 : Scan Cancelled	Sub Rule	Scan Cancelled	Warning
EVID 40 : Virus Definition Missing	Sub Rule	Virus Definitions Are Not Up To Date	Warning
EVID 45 : Security Risk Detected	Sub Rule	Suspicious Network Activity	Suspicious
EVID 51 : Security Risk Detected	Sub Rule	Suspicious Activity	Suspicious
EVID 65 : Scan Suspended	Sub Rule	Scan Stopped	Information
EVID 66 : Scan Resumed	Sub Rule	Scan Resumed	Information
EVID 69 : Scan Failure	Sub Rule	Scan Failure - Password Protected	Warning
EVID 80 : Download Failed	Sub Rule	Download Object Failure	Access Failure
EVID 34054 : SONAR Enabled	Sub Rule	Configuration Enabled : System	Configuration
EVID 34057	Sub Rule	Configuration Enabled : Security	Configuration