Skip to main content
Skip table of contents

V 2.0 : SEP Malware Scan Information 1

Vendor Documentation


Rule Name

Rule Type

Common Event


V 2.0 : SEP Malware Scan InformationBase RuleScan ActivityInformation

V 2.0 : SEP Malware Scan Cancelled

Sub RuleScan CancelledWarning
V 2.0 : SEP Malware Scan CompletedSub RuleVirus Scan Completed With No Errors DetectedInformation
V 2.0 : SEP Malware Scan StartedSub Rule

Scan Started


Mapping with LogRhythm Schema  

Device key in Log MessageLogRhythm SchemaData TypeSchema Description
Time StampN/AN/ATime stamp of the record, if "Export logs to a dump file" is enabled.
Scan IDN/AN/AThe scan ID provided by the agent.
Start date TimeN/AN/AThe time that the scan started.
Stop date TimeN/AN/AThe time that the scan stopped.
Text/StringScan status as hard-coded English key:

completed = Completed
cancelled = Canceled
started = Started
Duration<seconds>NumberThe length of the scan, in seconds.
User Name 1N/AN/AUser who was logged in when scan started.
User Name 2N/AN/AUser who was logged in when scan stopped.
Message 1<subject>Text/StringScan message when scan started.
Message 2<result>Text/StringScan message when scan ended.
Command<command>Text/StringCommand sent from the SEPM.

ScanNow_Full = Do a full scan.
ScanNow_Quick = Do an Active Scan.
ScanNow_Custom = Do a custom scan.
Update_ScanNow_Full = Update content and then do a full scan.
Update_ScanNow_Quick = Update content and do an Active Scan.
Update_ScanNow_Custom = Update content and do a custom scan.
CancelScan = Cancel the scan.
# of threats foundN/AN/AThe number of threats that the scan found.
# of infected filesN/AN/AThe number of files that the scan found that were infected.
# of files scanned<quantity>NumberThe number of files scanned.
# of files omittedN/AN/AThe number of files that were omitted.
Computer<dname>Text/StringName of the machine on which the scan was run.
IP Address<dip>IP AddressIP address of the machine on which the scan was run.
Domain Name<domainimpacted>Text/StringDomain name to which the machine belongs.
Client Group NameN/AN/AClient group name in the SEPM.
Server NameN/AN/AName of the server.
Scan Type<objecttype>Text/StringScheduled Scan, DefWatch, ScanNow_Quick, ScanNow_Custom, ScanNow_Full, Manual.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.