Endpoint Protection

  • 1.  List of SEP event id's in windows event viewer -monitoring

    Posted Jul 26, 2018 05:29 AM

    Hi all,

    Does Symantec have or does anyone know the list of SEP v14 event ID's that would be written to the Windows event viewer?

    We would like to monitor the windows event viewer logs for SEP via SCOM. Anyone monitoring it currently?

    Thanks in advance for any assistance provided.

    T



  • 2.  RE: List of SEP event id's in windows event viewer -monitoring

    Posted Jul 26, 2018 06:33 AM

    Closest they have:

    https://www.symantec.com/docs/TECH186925

    I don't see one for 14 though, but maybe these will still work.

    SEP has its own event log source in the Windows event viewer, so maybe you can pull the whole entirety and filter on what you need?



  • 3.  RE: List of SEP event id's in windows event viewer -monitoring

    Posted Jul 27, 2018 12:28 AM

    Thanks. I got some feedback from Symantec support that the event IDs change from version to version.



  • 4.  RE: List of SEP event id's in windows event viewer -monitoring

    Posted Aug 01, 2018 06:36 AM

    What I've gathered so far:

    | Event ID | Task Category | Details |
    | --- | --- | --- |
    | 7 | None | New virus definition file loaded. |
    | 202 | Content | Content installed successfully on the client |
    | 200 | Content | Content downloaded successfully to the client |
    | 3 | None | Scan started on selected drives and folders and all extensions |
    | 2 | None | Scan complete |
    | 12 | None | Changed value 'reg key' |
    | 100 | Connectivity | Symantec Endpoint Protection client is online and able to access the management server |
    | 101 | Connectivity | Symantec Endpoint Protection is unable to connect to the management server |
    | 34054 | None | SONAR has been enabled |
    | 34054 | None | Suspicious Behavior Detection has been enabled |
    | 34057 | None | Symantec Endpoint Protection Tamper Protection Enabled |
    | 23 | None | Symantec Endpoint Protection Auto-Protect Enabled |
    | 129 | None | Reputation check timed out during unproven file evaluation, likely due to network delays |
    | 6 | None | Could not scan 'x' files inside [path] due to extraction errors encountered by the Decomposer Engines. Application has encountered an error. |
    | 45 | None | Tamper Protection Detection |
    | 51 | None | Security Risk Found |
    | 201 | Content | Content download to the client failed |
    | 26 | None | Scan Delayed |
    | 203 | Content | Content install failed on the client |
    | 21 | None | Scan Failure: Not enough free disk space to perform a scan. Application has encountered an error |
    | 74 | None | SONAR has generated an error code 0: Definition Failure |
    | 66 | None | Scan resumed on all drives and all extensions |
    | 34059 | None | Intensive Protection policy is disabled from the Cloud |
    | 34058 | None | Intensive Protection policy is enabled from the Cloud at Level 2 |
    | 65 | None | Scan Suspended |
    | 34054 | None | Proactive Threat Protection has been enabled |
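
One way to turn the IDs collected in the post above into monitoring rules, as an added example that is not part of the original posts and not Symantec or SCOM code. The grouping into immediate and paired events, the 30-minute grace period, the host names and the sample events are assumptions made for illustration, and the ID numbers are only those reported in this thread for SEP 14.

```python
from datetime import datetime, timedelta

# IDs as reported in this thread; per the thread they can change between versions.
# Assumption: these four always warrant an alert on their own.
IMMEDIATE = {45: "Tamper Protection Detection", 51: "Security Risk Found",
             21: "Scan failure: not enough free disk space",
             74: "SONAR definition failure"}
# Assumption: failure_id -> (recovery_id, label); alert only if no recovery follows.
PAIRS = {101: (100, "management server unreachable"),
         201: (200, "content download failed"),
         203: (202, "content install failed"),
         65: (66, "scan suspended")}
RECOVERY = {rec: fail for fail, (rec, _) in PAIRS.items()}

def evaluate(events, now, grace=timedelta(minutes=30)):
    """events: iterable of (timestamp, host, event_id) in any order.
    Returns a sorted list of (host, event_id, reason) alerts."""
    alerts = []
    open_failures = {}  # (host, failure_id) -> time of first unresolved failure
    for ts, host, eid in sorted(events):
        if eid in IMMEDIATE:
            alerts.append((host, eid, IMMEDIATE[eid]))
        elif eid in PAIRS:
            open_failures.setdefault((host, eid), ts)
        elif eid in RECOVERY:
            # A later success event clears the matching failure for that host.
            open_failures.pop((host, RECOVERY[eid]), None)
        # Every other ID (7, 2, 3, ...) is treated as informational.
    for (host, eid), ts in open_failures.items():
        if now - ts >= grace:
            reason = f"{PAIRS[eid][1]}, unresolved since {ts.isoformat()}"
            alerts.append((host, eid, reason))
    return sorted(alerts)

# Constructed sample events (hypothetical hosts ws01..ws03).
T0 = datetime(2018, 8, 1, 6, 0)
SAMPLE = [
    (T0, "ws01", 101),
    (T0 + timedelta(minutes=5), "ws01", 100),   # ws01 reconnects: no alert
    (T0 + timedelta(minutes=2), "ws01", 7),     # informational
    (T0, "ws02", 101),                          # ws02 never reconnects
    (T0 + timedelta(minutes=10), "ws02", 51),   # risk found: immediate alert
    (T0 + timedelta(minutes=50), "ws03", 201),  # still inside the grace period
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE, now=T0 + timedelta(hours=1)):
        print(alert)
```
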


  • 5.  RE: List of SEP event id's in windows event viewer -monitoring
    Best Answer

    Posted Sep 11, 2018 06:49 AM

    One for the SEPM:

    https://www.symantec.com/docs/TECH196455