As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
1 つのイベント ID で異なる自然言語文字列を表示することが可能です。イベント ID はそれぞれ特定の意味を持っていますが、イベントの詳細によって、そのイベントの詳細を表現するために使われる言語の種類が決まります。例えば、イベント ID 1272 の 1 つのインスタンスは、期待されるすべての情報を含んでいるかもしれない。そこで、そのすべての情報を最もよく表現する NLS が選択されます。イベント ID 1272 の別のインスタンスには、プロセス名がない場合があります。プロセス名を表すために空白を使用するのは混乱を招くので、別の NLS を使用します。この NLS はプロセス名を省略しますが、既知の詳細の残りを説明します。
" <domain>\<user> ran <process name>, which attempted to access <path>\<filename>. The <malware type> named <malware name> was detected and access to the file was denied."
NLS 検出メッセージの例:
"Interweb\jsmith ran notepad.exe, which attempted to access C:\data\temp\eicar.com. The Test Virus named Eicar Test File was detected and access to the file was denied."
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|. The ||ThreatType|| named |ThreatName| was detected and deleted."
IDS_NATURAL_LANG_OAS_DETECTION_CLN
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|. The ||ThreatType|| named |ThreatName| was detected and cleaned."
IDS_NATURAL_LANG_OAS_DETECTION_DEN
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|. The ||ThreatType|| named |ThreatName| was detected and access to the file was denied."
"Attempted to access |TargetPath|\|TargetName| and the threat ||ThreatType|| named |ThreatName| was detected."
IDS_NATURAL_LANG_OAS_DETECTION_NON
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName| and the ||ThreatType|| named |ThreatName| was detected."
IDS_NATURAL_LANG_OAS_DETECTION_MOV
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|. The ||ThreatType|| named |ThreatName| was detected and the file was moved."
IDS_NATURAL_LANG_OAS_DETECTION_BLO
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|. The ||ThreatType|| named |ThreatName| was detected and blocked."
IDS_NATURAL_LANG_OAS_DETECTION_GENERIC
"|TargetUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|. The ||ThreatType|| named |ThreatName| was detected. The scanner took the following action: ||ThreatActionTaken||."
IDS_NATURAL_LANG_OAS_DETECTION_ENC
"|AV_DETECTION_USERNAME| accessed |AV_DETECTION_FULL_LOCATION|. The scanner could not scan |TargetName| because it was encrypted."
IDS_NATURAL_LANG_OAS_DETECTION_ENC2
"An unknown user accessed |AV_DETECTION_FULL_LOCATION|. The scanner could not scan the file because it was encrypted."
IDS_NATURAL_LANG_OAS_DETECTION_TO
"|TargetUserName| ran |SourceProcessName|, which accessed |TargetPath|\|TargetName|. The file scan ran for the maximum time allotted and was canceled."
IDS_NATURAL_LANG_OAS_DETECTION_TO2
"An unknown user accessed |AV_DETECTION_FULL_LOCATION|. The file scan ran for the maximum time allotted and was canceled."
IDS_NATURAL_LANG_OAS_DETECTION_COR
"|AV_DETECTION_USERNAME| accessed \"|AV_DETECTION_FULL_LOCATION|\". The file is corrupt and could not be scanned."
IDS_NATURAL_LANG_OAS_DETECTION_COR2
"An unknown user accessed |AV_DETECTION_FULL_LOCATION|. The scanner couldn't scan the file because it is corrupted."
IDS_NATURAL_LANG_OAS_DETECTION_DLP
"|TargetUserName| ran \"|SourceProcessName|\", which attempted to access \"|TargetPath|\|TargetName|\". The threat ||ThreatType|| named |ThreatName| was detected but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
"Attempted to access |TargetPath|\|TargetName|. The threat ||ThreatType|| named |ThreatName| was detected but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
IDS_NATURAL_LANG_OAS_DETECTION_NRP
"|TargetUserName| ran \"|SourceProcessName|\", which attempted to access |TargetPath|\|TargetName|. The threat ||ThreatType|| named |ThreatName| was detected but no clean information is available."
IDS_NATURAL_LANG_OAS_DETECTION_SHV
"|AV_DETECTION_USERNAME| accessed \"|AV_DETECTION_FULL_LOCATION|\". The scanner could not scan the file due to a sharing violation."
IDS_NATURAL_LANG_OAS_DETECTION_SHV2
"An unknown user accessed |AV_DETECTION_FULL_LOCATION|. The scanner could not scan the file due to a sharing violation."
IDS_NATURAL_LANG_OAS_DETECTION_NPM
"|AV_DETECTION_USERNAME| accessed \"|AV_DETECTION_FULL_LOCATION|\". The scanner could not scan the file because it doesn't have access rights."
IDS_NATURAL_LANG_OAS_DETECTION_NPM2
"An unknown user accessed |AV_DETECTION_FULL_LOCATION|. The scanner could not scan the file because it doesn't have access rights."
IDS_NATURAL_LANG_OAS_DETECTION_DLR
"|TargetUserName| ran \"|SourceProcessName|\", which attempted to access |TargetPath|\|TargetName|. The threat ||ThreatType|| named |ThreatName| was detected and will be deleted on reboot."
IDS_NATURAL_LANG_OAS_DETECTION_DLE
"|TargetUserName| ran \"|SourceProcessName|\", which attempted to access |TargetPath|\|TargetName|. The threat ||ThreatType|| named |ThreatName| was detected but deletion failed."
IDS_NATURAL_LANG_OAS_DETECTION_BUE
"|TargetUserName| ran \"|SourceProcessName|\", which attempted to access |TargetPath|\|TargetName|. The threat ||ThreatType|| named |ThreatName| was detected but quarantine failed."
IDS_NATURAL_LANG_OAS_DETECTION_R_DEL
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The ||ThreatType|| named |ThreatName| was detected and deleted."
IDS_NATURAL_LANG_OAS_DETECTION_R_CLN
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The ||ThreatType|| named |ThreatName| was detected and cleaned."
IDS_NATURAL_LANG_OAS_DETECTION_R_DEN
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The ||ThreatType|| named |ThreatName| was detected and access to the file was denied."
IDS_NATURAL_LANG_OAS_DETECTION_R_NON
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The ||ThreatType|| named |ThreatName| was detected."
IDS_NATURAL_LANG_OAS_DETECTION_R_MOV
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The ||ThreatType|| named |ThreatName| was detected and the file was moved."
IDS_NATURAL_LANG_OAS_DETECTION_R_BLO
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The ||ThreatType|| named |ThreatName| was detected and blocked."
IDS_NATURAL_LANG_OAS_DETECTION_R_ENC
"|AV_DETECTION_USERNAME| accessed |AV_DETECTION_FULL_LOCATION|. The scanner could not scan the file because it was encrypted."
IDS_NATURAL_LANG_OAS_DETECTION_R_TO
"|TargetPath|\|TargetName| was accessed from the remote system |SourceIPV4|. The file scan ran for the maximum time allotted and was canceled."
IDS_NATURAL_LANG_OAS_DETECTION_R_DLP
"The file |TargetPath|\|TargetName| was accessed from remote system |SourceIPV4|. The threat ||ThreatType|| named |ThreatName| was detected but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
IDS_NATURAL_LANG_OAS_DETECTION_R_NRP
"The file |TargetPath|\|TargetName| was accessed from remote system |SourceIPV4|. The threat ||ThreatType|| named |ThreatName| was detected but no clean information is available."
IDS_NATURAL_LANG_OAS_DETECTION_R_DLR
"The file |TargetPath|\|TargetName| was accessed from remote system |SourceIPV4|. The threat ||ThreatType|| named |ThreatName| was detected and will be deleted on reboot."
IDS_NATURAL_LANG_OAS_DETECTION_R_DLE
"The file |TargetPath|\|TargetName| was accessed from remote system |SourceIPV4|. The threat ||ThreatType|| named |ThreatName| was detected but deletion failed."
IDS_NATURAL_LANG_OAS_DETECTION_R_BUE
"The file |TargetPath|\|TargetName| was accessed from remote system |SourceIPV4|. The threat ||ThreatType|| named |ThreatName| was detected but quarantine failed."
IDS_NATURAL_LANG_OAS_DETECTION_B_CLN
"|TargetUserName| accessed volume |TargetPath|:. The ||ThreatType|| named |ThreatName| was detected in the boot sector and cleaned."
IDS_NATURAL_LANG_OAS_DETECTION_B_DEN
"|TargetUserName| accessed volume |TargetPath|:. The ||ThreatType|| named |ThreatName| was detected in the boot sector. Both the primary (||FirstAttemptedAction||) and secondary (||SecondAttemptedAction||) actions failed, so access to the file was denied."
IDS_NATURAL_LANG_OAS_DETECTION_ERROR
"The scanner detected a threat but, due to an error, no additional information is available."
IDS_NATURAL_LANG_OAS_DETECTION_NO_INFO
"The scanner detected a threat while scanning |TargetName| but, due to an error, no additional information is available."
"|SourceUserName| ran |SourceProcessName|, which attempted to access |TargetPath|, violating the rule \"||AnalyzerRuleName||\" and was blocked. For information on how to respond to this event, see KB85494."
IDS_NATURAL_LANG_DESC_DETECTION_APSP_2
"|SourceUserName| ran |SourceProcessName|, which attempted to access |TargetPath|\|TargetName|, violating the rule \"||AnalyzerRuleName||\" and was blocked. For information on how to respond to this event, see KB85494."
IDS_NATURAL_LANG_DESC_DETECTION_APSP_3
"|SourceUserName| ran |SourceProcessName|, which attempted to access |TargetProcessName|, violating the rule \"||AnalyzerRuleName||\" and was blocked. For information on how to respond to this event, see KB85494."
IDS_NATURAL_LANG_DESC_DETECTION_APSP_4
"|SourceUserName| ran |SourceProcessName|, which accessed |TargetPath|, violating the rule \"||AnalyzerRuleName||\". Access was allowed because the rule wasn't configured to block."
IDS_NATURAL_LANG_DESC_DETECTION_APSP_5
"|SourceUserName| ran |SourceProcessName|, which accessed |TargetPath|\|TargetName|, violating the rule \"||AnalyzerRuleName||\". Access was allowed because the rule wasn't configured to block."
IDS_NATURAL_LANG_DESC_DETECTION_APSP_6
"|SourceUserName| ran |SourceProcessName|, which accessed the process |TargetProcessName|, violating the rule \"||AnalyzerRuleName||\". Access was allowed because the rule wasn't configured to block."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_1
All but SMEP and TAMPER (no API name or caller module)
"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName| and was ||ThreatActionTaken||."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_2
All but SMEP & TAMPER with API name
"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName|, which targeted the |APIName| API, and was ||ThreatActionTaken||."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_4
All but SMEP & TAMPER with a caller module
"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName| called from module |CallerModule|, which targeted the |APIName| API, and was ||ThreatActionTaken||."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_3
SMEP
"|ThreatName| attempted an exploit at |ThreatTimestamp| and was ||ThreatActionTaken||. For more information, check the Windows Event Viewer for record number |TargetName|."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_5
TAMPER
TAMPER
"Tampering has been detected with Exploit Prevention's monitoring of processes on this computer."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_1N
All but SMEP and TAMPER (no API name or caller module)
"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName|. It wasn't blocked because Exploit Prevention was set to Report Only."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_2N
All but SMEP & TAMPER with API name
"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName|, which targeted the |APIName|) API. It wasn't blocked because Exploit Prevention was set to Report Only."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_4N
All but SMEP & TAMPER with a caller module
"|ThreatName| attempted to exploit |TargetPath|\|TargetProcessName| called from module |CallerModule|, which targeted the |APIName| API. It wasn't blocked because Exploit Prevention was set to Report Only."
IDS_NATURAL_LANG_DESC_DETECTION_BOP_3N
SMEP
"|ThreatName| attempted an exploit at |ThreatTimestamp|. For more information, check the Windows Event Viewer for record number |TargetName|. It wasn't blocked because Exploit Prevention was set to Report Only."
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. Both the primary (||FirstAttemptedAction||) and secondary (||SecondAttemptedAction||) actions failed, so the scanner took no action."
IDS_NATURAL_LANG_ODS_DETECTION_CLEANED
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. The file was cleaned."
IDS_NATURAL_LANG_ODS_DETECTION_DELETED
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. The file was deleted."
IDS_NATURAL_LANG_ODS_DETECTION_GENERIC
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. The scanner took the following action: ||ThreatActionTaken||."
IDS_NATURAL_LANG_ODS_DETECTION_NO_INFO
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. Due to an error, no additional information is available."
IDS_NATURAL_LANG_ODS_DETECTION_B_NONE
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning the boot sector of volume |TargetPath|:. Both the primary (||FirstAttemptedAction||) and secondary (||SecondAttemptedAction||) actions failed, so the scanner took no action."
IDS_NATURAL_LANG_ODS_DETECTION_B_CLEANED
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning the boot sector of volume |TargetPath|:. The boot sector was cleaned."
IDS_NATURAL_LANG_ODS_DETECTION_ENC
"|TargetUserName| ran the ||TaskName|| on-demand scan. The scanner could not scan |TargetName| because it was encrypted."
IDS_NATURAL_LANG_ODS_DETECTION_TO
"|TargetUserName| ran on-demand scan ||TaskName||, which was unable to scan |TargetName| because the scan timed out."
IDS_NATURAL_LANG_ODS_DETECTION_FS
"|TargetUserName| ran on-demand scan ||TaskName||, which was unable to scan |TargetName| because the file size exceeds the configured maximum file size to scan."
IDS_NATURAL_LANG_ODS_DETECTION_COR
"|TargetUserName| ran on-demand scan ||TaskName||, which was unable to scan |TargetName| because the file is corrupt."
IDS_NATURAL_LANG_ODS_DETECTION_DLP
"|TargetUserName| ran on-demand scan ||TaskName||, which detected the threat ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName| but the file can't be deleted because it's locked. The file will be deleted when the file isn't locked. To identify the process locking the file, see KB85494."
IDS_NATURAL_LANG_ODS_DETECTION_NRP
"|TargetUserName| ran on-demand scan ||TaskName||, which detected the threat ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. However, no clean information is available."
IDS_NATURAL_LANG_ODS_DETECTION_SHV
"|TargetUserName| ran on-demand scan ||TaskName||, which was unable to scan |TargetName| due to a sharing violation."
IDS_NATURAL_LANG_ODS_DETECTION_NPM
"|TargetUserName| ran on-demand scan ||TaskName||, which was unable to scan |TargetName| because the scanner doesn't have access rights to it."
IDS_NATURAL_LANG_ODS_DETECTION_DLR
"|TargetUserName| ran on-demand scan ||TaskName||, which detected the threat ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. The threat will be deleted on reboot."
IDS_NATURAL_LANG_ODS_DETECTION_DLE
"|TargetUserName| ran on-demand scan ||TaskName||, which detected the threat ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. However, deletion of the threat failed."
IDS_NATURAL_LANG_ODS_DETECTION_BUE
"|TargetUserName| ran on-demand scan ||TaskName||, which detected the threat ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. However, quarantine of the threat failed."
IDS_NATURAL_LANG_ODS_DETECTION_ERROR
"The on-demand scan detected a threat but, due to an error, no additional information is available."
IDS_ALERT_ACT_TAK_CONT
"|TargetUserName| ran the ||TaskName|| on-demand scan, which detected the ||ThreatType|| named |ThreatName| while scanning |TargetPath|\|TargetName|. The scanner took the following action: ||ThreatActionTaken||."
"The application |SourceFilePath|\|SourceProcessName| was contained at the request of |RequesterDisplayName|."
IDS_NATURAL_LANG_DESC_DAC_2
"|RequesterDisplayName| requested to contain the application |SourceFilePath|\|SourceProcessName|, which is already contained."
IDS_NATURAL_LANG_DESC_DAC_3
"The application |SourceFilePath|\|SourceProcessName| was released from containment at the request of |RequesterDisplayName|."
IDS_NATURAL_LANG_DESC_DAC_4
"|RequesterDisplayName| requested to release the application |SourceFilePath|\|SourceProcessName|. However, the application is still contained because other requests remain."
IDS_NATURAL_LANG_DESC_DAC_5
"|RequesterDisplayName| request to contain |SourceFilePath|\|SourceProcessName| was removed due to an exclusion and the application was released from containment."
IDS_NATURAL_LANG_DESC_DAC_6
"|RequesterDisplayName| request to contain |SourceFilePath|\|SourceProcessName| was removed due to an exclusion."
IDS_NATURAL_LANG_DESC_DAC_7
"|RequesterDisplayName| request to contain |SourceFilePath|\|SourceProcessName| was removed and the application was released from containment because Dynamic Application Containment was uninstalled."
IDS_NATURAL_LANG_DESC_DAC_8
"|RequesterDisplayName| request to contain |SourceFilePath|\|SourceProcessName| was removed because Dynamic Application Containment was uninstalled."
JavaScript or VBScript security violation detected and blocked
Threat Prevention
1092
Access Protection rule violation detected and blocked
Threat Prevention
1095
Access Protection rule violation detected and NOT blocked
Threat Prevention
1096
event_name_1096=Port blocking rule violation detected and NOT blocked
event_desc_1096=Port blocking rule violation detected and NOT blocked
Threat Prevention
1102
event_name_1102=Multiple extension heuristic detection - moved
event_desc_1102=The file %FILENAME% detected with multiple extension heuristics. The file was moved to the quarantine area. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1103
event_name_1103=Prescan needed
event_desc_1103=The file %FILENAME% is infected with the %VIRUSNAME% %VIRUSTYPE%. Prescan is needed for removal. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1104
event_name_1104=Multiple extension heuristic detection - delete on reboot
event_desc_1104=The file %FILENAME% detected with multiple extension heuristics. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1106
event_name_1106=Multiple extension heuristic detection - message deleted
event_desc_1106=The message %FILENAME% detected with multiple extension heuristics. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1118
The update was successful
Common
1119
The update failed; see event log
Common
1120
The update is running
Common
1121
The update was cancelled
Common
1202
event_name_1202=On-Demand Scan started
event_desc_1202=On-Demand Scan started
Threat Prevention
1203
event_name_1203=On-Demand Scan complete
event_desc_1203=On-Demand Scan complete. Viruses Found %NUMVIRS%, Cleaned %NUMCLEANED%, Deleted %NUMDELETED%, Quarantined %NUMQUARANTINED%.Scan version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1278
file infected. No cleaner available, file deleted successfully
file infected. No cleaner available, OAS denied access and continued
Threat Prevention
1292
file infected. Undetermined clean error, OAS denied access and continued
Threat Prevention
1300
file infected. Delete failed, denied access and continued (OAS)
Threat Prevention
1301
event_name_1301=Multiple extension heuristic detection - clean error, quarantined successfully
event_desc_1301=The file %FILENAME% detected with multiple extension heuristics. The file was moved to the quarantine area. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1302
event_name_1302=Multiple extension heuristic detection - move failed, clean error
event_desc_1302=The file %FILENAME% detected with multiple extension heuristics. Unable to move the file to quarantine area and unable to clean the file. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1303
event_name_1303=Multiple extension heuristic detection - clean error, deleted successfully
event_desc_1303=The file %FILENAME% detected with multiple extension heuristics. The file has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1304
event_name_1304=Multiple extension heuristic detection - clean error, delete failed
event_desc_1304=The file %FILENAME% detected with multiple extension heuristics. Unable to clean the file and unable to delete the file. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1305
event_name_1305=Multiple extension heuristic detection - clean error, denied access and continued
event_desc_1305=The file %FILENAME% detected with multiple extension heuristics. Access to the file was denied. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1306
event_name_1306=Multiple extension heuristic detection - move failed, deleted successfully
event_desc_1306=The file %FILENAME% detected with multiple extension heuristics. The file has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1307
event_name_1307=Multiple extension heuristic detection - move failed, delete failed
event_desc_1307=The file %FILENAME% detected with multiple extension heuristics. Unable to move the file to quarantine area and unable to delete the file. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1308
event_name_1308=Multiple extension heuristic detection - move failed, denied access and continued
event_desc_1308=The file %FILENAME% detected with multiple extension heuristics. Access to the file was denied. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1309
event_name_1309=Multiple extension heuristic detection - delete failed, quarantined successfully
event_desc_1309=The file %FILENAME% detected with multiple extension heuristics. The file was moved to the quarantine area. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1310
event_name_1310=Multiple extension heuristic detection - delete failed, quarantine failed
event_desc_1310=The file %FILENAME% detected with multiple extension heuristics. Unable to delete the file and unable to move the file to quarantine area. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1311
event_name_1311=Multiple extension heuristic detection - delete failed, denied access and continued
event_desc_1311=The file %FILENAME% detected with multiple extension heuristics. Access to the file was denied. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1312
event_name_1312=Move failed, delete failed, file will be deleted on reboot
event_desc_1312=The file %FILENAME% is infected with %VIRUSNAME% %VIRUSTYPE%. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1313
event_name_1313=Multiple extension heuristic detection - move failed, delete failed, file will be deleted on reboot
event_desc_1313=The file %FILENAME% detected with multiple extension heuristics. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1314
event_name_1314=Encrypted file - clean error, delete on reboot
event_desc_1314=The encrypted file %FILENAME% will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1315
event_name_1315=Heuristic detection - clean error, delete on reboot
event_desc_1315=The file %FILENAME% detected with heuristics. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1316
event_name_1316=Multiple extension heuristic detection - clean error, delete on reboot
event_desc_1316=The file %FILENAME% detected with multiple extension heuristics. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1317
event_name_1317=No cleaner available - clean error, delete on reboot
event_desc_1317=The file %FILENAME% is infected with %VIRUSNAME% %VIRUSTYPE%. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1318
event_name_1318=Undetermined - clean error, delete on reboot
event_desc_1318=The file %FILENAME% has an undetermined infection. The file will be deleted on reboot. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1319
event_name_1319=Undetermined - clean error, message deleted
event_desc_1319=The message %FILENAME% contains the %VIRUSNAME% %VIRUSTYPE%. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1320
event_name_1320=Encrypted - clean error, message deleted
event_desc_1320=Encrypted message %FILENAME% has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1321
event_name_1321=Heuristic detection - clean error, message deleted
event_desc_1321=The message %FILENAME% detected with heuristics. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1322
event_name_1322=Multiple extension heuristic detection - clean error, message deleted
event_desc_1322=The message %FILENAME% detected with multiple extension heuristics. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1323
event_name_1323=Clean error, message deleted
event_desc_1323=The message %FILENAME% contains the %VIRUSNAME% %VIRUSTYPE%. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1324
event_name_1324=Move failed, message deleted
event_desc_1324=The message %FILENAME% contains the %VIRUSNAME% %VIRUSTYPE%. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
Threat Prevention
1325
event_name_1325=Multiple extension heuristic detection - move failed, message deleted
event_desc_1325=The message %FILENAME% detected with multiple extension heuristics. The message has been deleted. Detected using Scan engine version %ENGINEVERSION% DAT version %DATVERSION%.
event_name_1400=User defined object detected, no Action Taken
event_desc_1400=User defined object detected, no Action Taken
Threat Prevention
1401
event_name_1401=Clean failed (user defined detection), no Action Taken
event_desc_1401=Clean failed (user defined detection), no Action Taken
Threat Prevention
1402
event_name_1402=Clean failed (user defined detection), Move failed
event_desc_1402=Clean failed (user defined detection), Move failed
Threat Prevention
1403
event_name_1403=Moved (user defined detection), Clean failed
event_desc_1403=Moved (user defined detection), Clean failed
Threat Prevention
1404
event_name_1404=Clean failed (user defined detection), Delete failed
event_desc_1404=Clean failed (user defined detection), Delete failed
Threat Prevention
1405
event_name_1405=Deleted (user defined detection), Clean failed
event_desc_1405=Deleted (user defined detection), Clean failed
Threat Prevention
1406
event_name_1406=Moved (user defined detection)
event_desc_1406=Moved (user defined detection)
Threat Prevention
1407
event_name_1407=Move failed(user defined detection), Delete failed
event_desc_1407=Move failed(user defined detection), Delete failed
Threat Prevention
1408
event_name_1408=Deleted (user defined detection), Move failed
event_desc_1408=Deleted (user defined detection), Move failed
Threat Prevention
1409
event_name_1409=Move failed(user defined detection), no Action Taken
event_desc_1409=Move failed(user defined detection), no Action Taken
Threat Prevention
1410
event_name_1410=Deleted (user defined detection)
event_desc_1410=Deleted (user defined detection)
Threat Prevention
1411
event_name_1411=Delete failed (user defined detection), Move failed
event_desc_1411=Delete failed (user defined detection), Move failed
Threat Prevention
1412
event_name_1412=Moved (user defined detection), Delete failed
event_desc_1412=Moved (user defined detection), Delete failed
Threat Prevention
1413
event_name_1413=Delete failed (user defined detection), no Action Taken
event_desc_1413=Delete failed (user defined detection), no Action Taken
Threat Prevention
1414
event_name_1414=Clean failed, delete failed, file (user defined detection) will be deleted on reboot
event_desc_1414=Clean failed, delete failed, file (user defined detection) will be deleted on reboot
Threat Prevention
1415
event_name_1415=Deleted failed, file (user defined detection) will be deleted on reboot
event_desc_1415=Deleted failed, file (user defined detection) will be deleted on reboot
Threat Prevention
1416
event_name_1416=Move failed, delete failed, file (user defined detection) will be deleted on reboot
event_desc_1416=Move failed, delete failed, file (user defined detection) will be deleted on reboot
Threat Prevention
1417
event_name_1417=Email message deleted (user defined detection)
event_desc_1417=Email message deleted (user defined detection)
Threat Prevention
1418
event_name_1418=Email message deleted (user defined detection), Clean failed
event_desc_1418=Email message deleted (user defined detection), Clean failed
Threat Prevention
1419
event_name_1419=Email message deleted (user defined detection), Move failed
event_desc_1419=Email message deleted (user defined detection), Move failed
Threat Prevention
1420
event_name_1420=Email message deleted (user defined detection), Delete failed
event_desc_1420=Email message deleted (user defined detection), Delete failed
Threat Prevention
1421
event_name_1421=Clean error as no cleaner was available, and delete pending
event_desc_1421=Clean error as no cleaner was available, and delete pending
Threat Prevention
1422
event_name_1422=Clean failed for heuristic detection, delete pending
event_desc_1422=Clean failed for heuristic detection, delete pending
event_name_18051=An unauthorized escalation of privilege was attempted and blocked (SMEP)
event_desc_18051=An unauthorized escalation of privilege was attempted and blocked (SMEP)
Threat Prevention
18052
event_name_18052=Buffer Overflow detected and blocked (GBOP)
event_desc_18052=Buffer Overflow detected and blocked (GBOP)
Threat Prevention
18053
event_name_18053=An unauthorized escalation of privilege was attempted and blocked (GPEP)
event_desc_18053=An unauthorized escalation of privilege was attempted and blocked (GPEP)
Threat Prevention
18054
event_name_18054=An exploit was attempted and blocked
event_desc_18054=An exploit was attempted and blocked
Threat Prevention
18055
event_name_18055=A suspicious call was detected and blocked
event_desc_18055=A suspicious call was detected and blocked
Threat Prevention
18056
event_name_18056=Buffer Overflow detected and blocked (DEP)
event_desc_18056=Buffer Overflow detected and blocked (DEP)
Threat Prevention
18057
event_name_18057=Tampering with Exploit Prevention has been detected.
event_desc_18057=Tampering with Exploit Prevention has been detected.
event_name_34920=Roll back successful
event_desc_34920=Roll back successful
Threat Prevention
34921
event_name_34921=Roll back failed
event_desc_34921=Roll back failed
Threat Prevention
34922
event_name_34922=Roll back did not occur
event_desc_34922=Roll back did not occur
Threat Prevention
34923
event_name_34923=The item was corrupt
event_desc_34923=The item was corrupt
Threat Prevention
34924
event_name_34924=The object was not scanned due to a sharing violation
event_desc_34924=The object was not scanned due to a sharing violation
Threat Prevention
34925
event_name_34925=The object was not scanned because the scanner does not have enough rights to read it
event_desc_34925=The object was not scanned because the scanner does not have enough rights to read it
Threat Prevention
34926
event_name_34926=The object was not scanned because the file size exceeds the configured maximum file size to scan.
event_desc_34926=The object was not scanned because the file size exceeds the configured maximum file size to scan.