System Symantec Software Monitor
This option group of the policy contains monitoring functions for Symantec software. Currently, the only monitored ancillary application is Symantec AntiVirus for Linux. The policy automatically detects whether the host machine has Symantec AntiVirus for Linux installed.

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Virus Detected |
| Rule Name | Virus_Detected |
| Severity | Critical |
| Description | Detects the discovery of a virus or Trojan horse by Symantec AntiVirus for Linux. This detection indicates that malicious software has arrived at the client side by email, download, document macro, or by disk-to-disk transfer. Immediate action is usually warranted. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Service Stopped |
| Rule Name | Service_Stopped |
| Severity | Warning |
| Description | Detects the stopping of the Symantec AntiVirus for Linux service. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the Symantec AntiVirus service has stopped, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Service Started |
| Rule Name | Service_Started |
| Severity | Notice |
| Description | Detects the starting of the Symantec AntiVirus for Linux service. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the Symantec AntiVirus service has started, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Scan Started |
| Rule Name | Scan_Started |
| Severity | Notice |
| Description | Detects the starting of a manual scan of a host with Symantec AntiVirus for Linux. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that it has initiated a manual scan of the host, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Scan Canceled |
| Rule Name | Scan_Canceled |
| Severity | Warning |
| Description | Detects the canceling of a manual scan of a host with Symantec AntiVirus for Linux. Symantec AntiVirus issues the status messages for various application conditions. When Symantec AntiVirus determines that it has been commanded to cancel a manual scan, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Scan Complete |
| Rule Name | Scan_Complete |
| Severity | Notice |
| Description | Detects the completion of a manual scan of a host with Symantec AntiVirus for Linux. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that it has successfully completed a manual scan, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | New Virus Definition Loaded |
| Rule Name | New_Virus_Defintion_Loaded |
| Severity | Notice |
| Description | Detects the updating of Symantec AntiVirus for Linux with the latest virus definitions. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that it has loaded a new virus definition file, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Virus Definitions are Current |
| Rule Name | Virus_Definitions_are_Current |
| Severity | Notice |
| Description | Detects that the installed virus definitions are current. Symantec AntiVirus for Linux issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the definitions are current, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Realtime Protection Loaded |
| Rule Name | Realtime_Protection_Loaded |
| Severity | Notice |
| Description | Detects the disabling of the Symantec AntiVirus for Linux real-time system protection option. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the real-time protection option has been disabled, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Realtime Protection Disabled |
| Rule Name | Realtime_Protection_Disabled |
| Severity | Critical |
| Description | Detects the disabling of the Symantec AntiVirus for Linux real-time system protection option. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the real-time protection option has been disabled, it reports this status. |

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Virus Detected - Cleaned Failed |
| Rule Name | Virus_Detected_Cleaned_Failed |
| Severity | Critical |
| Description | Detects the discovery of a virus or Trojan horse by Symantec AntiVirus for Linux. This detection indicates that malicious software has arrived at the client side by email, download, document macro, or by disk-to-disk transfer. This event indicates that the Symantec AntiVirus client was unable to clean, remove, or quarantine the identified malware and that the risk is still present on the system. Immediate investigation is required. |