Threat Analysis Report shows Severity: -2 and Description: Report not available - Analysis incomplete to old scan results
Last Modified: 2022-04-21 12:39:21 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Threat Analysis Report shows Severity: -2 and Description: Report not available - Analysis incomplete to old scan results
Technical Articles ID:
KB95539
Last Modified: 2022-04-21 12:39:21 Etc/GMT Environment
Advanced Threat Defense (ATD) 4.x
Problem
ATD shows severity conviction, such as Information, Low, Medium, and High, in your past scan results. You see these results listed in the table under Analysis, Analysis Reports. But, if you select the Analysis Summary from the table, Threat Analysis Report shows the following error, contradicting the Analysis Reports table: Severity: -2
Description: Report not available - Analysis incomplete Cause
The analysis report file is obtained from the ATD back-end file system, owing to the built-in scheduled disk cleanup task.
Solution
ATD keeps the analysis reports in HTML, PDF, and other formats as files in the back-end. When you get a request for an analysis report, the user interface copies the analysis report of the requested format from the back-end file system. The GUI then presents it if the analysis report file exists. If the analysis report file no longer exists in the back-end file system, the user interface shows a report with Severity: -2, and Description: Report not available - Analysis incomplete. The ATD system uses a built-in scheduled disk cleanup task. The task deletes old analysis report files from the back-end to free up disk space. The clean-up triggers when the disk usage reaches its internal threshold. The task deletes the analysis files from the oldest, until the disk usage lowers to the internal threshold. The lifetime of analysis report files depends on how much scan load your ATD can take. The model of your ATD that determines the available disk space, vATD, has the least disk capacity. This low capacity means that you might see this issue when viewing any recent scan results. In a busy ATD installation, the lifetime of an analysis report can be as short as three days. To verify if your analysis report file is deleted owing to the disk cleanup task, perform the steps below:
To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Affected ProductsLanguages:This article is available in the following languages: |
|