Catch All - Symantec AntiVirus

Catch All - Symantec AntiVirus

Base Rule

General Symantec AntiVirus Information

Information

EVID 2 : Scan Complete

Sub Rule

Scan Complete

Other Audit Success

EVID 3 : Scan Started

Sub Rule

Scan Started

Information

EVID 6 : Error

Sub Rule

Anti-Virus Error Message

Error

EVID 7 : New Virus File Downloaded

Sub Rule

File Download

Information

EVID 12 : Symantec Endpoint Protection

Sub Rule

General Symantec AntiVirus Information

Information

EVID 13 : Shutdown Successful

Sub Rule

System Startup Or Shutdown Activity

Startup and Shutdown

EVID 14 : Startup Successful

Sub Rule

System Startup Or Shutdown Activity

Startup and Shutdown

EVID 16 : New File Request Successful

Sub Rule

Request Approved

Other Audit Success

EVID 21 : Scan Cancelled

Sub Rule

Scan Cancelled

Warning

EVID 40 :  Virus Definition Missing

Sub Rule

Virus Definitions Are Not Up To Date

Warning

EVID 45 : Security Risk Detected

Sub Rule

Suspicious Network Activity

Suspicious

EVID 51 : Security Risk Detected

Sub Rule

Suspicious Activity

Suspicious

EVID 65 : Scan Suspended

Sub Rule

Scan Stopped

Information

EVID 66 : Scan Resumed

Sub Rule

Scan Resumed

Information

EVID 69 : Scan Failure

Sub Rule

Scan Failure - Password Protected

Warning

EVID 80 : Download Failed

Sub Rule

Download Object Failure

Access Failure

EVID 34054 : SONAR Enabled

Sub Rule

Configuration Enabled : System

Configuration

EVID 34057

Sub Rule

Configuration Enabled : Security

Configuration

Provider Name

<vendorinfo>

Text/String

EventID Qualifiers

<vmid>

Number

Level

<severity>

Text/String

N/A

<login>

Text/String

N/A

<domainorigin>

Text/String

Computer

<dname>

Text/String

N/A

<object>

Text/String

N/A

<objectname>

Text/String

N/A

<objecttype>

Text/String

N/A

<parentprocesspath>

Text/String

N/A

<command>

Text/String