System Symantec Software Monitor

This option group of the policy contains monitoring functions for Symantec software. Currently, the monitored ancillary application is Symantec AntiVirus for Linux. The policy automatically detects whether the host machine has Symantec AntiVirus for Linux installed.
Description of the Virus Detected parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Virus Detected |
| Rule Name | Virus_Detected |
| Severity | Critical |
| Description | Detects the discovery of a virus or Trojan horse by Symantec AntiVirus for Linux. This detection indicates that malicious software has arrived at the client side by email, download, document macro, or by disk-to-disk transfer. Immediate action is usually warranted. |

Description of the Service Stopped parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Service Stopped |
| Rule Name | Service_Stopped |
| Severity | Warning |
| Description | Detects the stopping of the Symantec AntiVirus for Linux service. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the Symantec AntiVirus service has stopped, it reports this status. |

Description of the Service Started parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Service Started |
| Rule Name | Service_Started |
| Severity | Notice |
| Description | Detects the starting of the Symantec AntiVirus for Linux service. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the Symantec AntiVirus service has started, it reports this status. |

Description of the Scan Started parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Scan Started |
| Rule Name | Scan_Started |
| Severity | Notice |
| Description | Detects the starting of a manual scan of a host with Symantec AntiVirus for Linux. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that it has initiated a manual scan of the host, it reports this status. |

Description of the Scan Canceled parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Scan Canceled |
| Rule Name | Scan_Canceled |
| Severity | Warning |
| Description | Detects the canceling of a manual scan of a host with Symantec AntiVirus for Linux. Symantec AntiVirus issues the status messages for various application conditions. When Symantec AntiVirus determines that it has been commanded to cancel a manual scan, it reports this status. |

Description of the Scan Complete parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Scan Complete |
| Rule Name | Scan_Complete |
| Severity | Notice |
| Description | Detects the completion of a manual scan of a host with Symantec AntiVirus for Linux. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that it has successfully completed a manual scan, it reports this status. |

Description of the New Virus Definition Loaded parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | New Virus Definition Loaded |
| Rule Name | New_Virus_Defintion_Loaded |
| Severity | Notice |
| Description | Detects the updating of Symantec AntiVirus for Linux with the latest virus definitions. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that it has loaded a new virus definition file, it reports this status. |

Description of the Virus Definitions are Current parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Virus Definitions are Current |
| Rule Name | Virus_Definitions_are_Current |
| Severity | Notice |
| Description | Detects that the installed virus definitions are current. Symantec AntiVirus for Linux issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the definitions are current, it reports this status. |

Description of the Realtime Protection Loaded parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Realtime Protection Loaded |
| Rule Name | Realtime_Protection_Loaded |
| Severity | Notice |
| Description | Detects the disabling of the Symantec AntiVirus for Linux real-time system protection option. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the real-time protection option has been disabled, it reports this status. |

Description of the Realtime Protection Disabled parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Realtime Protection Disabled |
| Rule Name | Realtime_Protection_Disabled |
| Severity | Critical |
| Description | Detects the disabling of the Symantec AntiVirus for Linux real-time system protection option. Symantec AntiVirus issues the status messages for various application conditions and errors. When Symantec AntiVirus determines that the real-time protection option has been disabled, it reports this status. |

Description of the Virus Detected - Cleaned Failed parameters used

| Parameter | Description |
|---|---|
| Option Path | System Symantec Software Monitor > Symantec AntiVirus for Linux (SAVFL) Client Communication |
| Option | Virus Detected - Cleaned Failed |
| Rule Name | Virus_Detected_Cleaned_Failed |
| Severity | Critical |
| Description | Detects the discovery of a virus or Trojan horse by Symantec AntiVirus for Linux. This detection indicates that malicious software has arrived at the client side by email, download, document macro, or by disk-to-disk transfer. This event indicates that the Symantec AntiVirus client was unable to clean, remove, or quarantine the identified malware and that the risk is still present on the system. Immediate investigation is required. |