Event ID: 1 Source: F-SecureGatekeeper

Level
Description
Real-time scanning failure occurred. Intercepted file name=C:\DOCUME~1\AMIRNO~1\LOCAL...VBAGFHA02980. For more information, please visit the customer support web pages at http://support.f-secure.com/enu/home/ for assistance.
Comments
 
As the description suggests, this event is recorded when F-Secure Internet Gatekeeper is unable to scan a particular file (thus potentially exposing the system to a threat). There are many reasons a file can fail scanning: corrupted files, encrypted archive files, files locked by other programs and so on. The administrator should identify the file specified and determine whether it is a special file that should perhaps be excluded from scanning or whether it is indeed a potential problem.

If file corruption is suspected, the administrator should run CHKDSK against that particular volume.

As a precaution, a full antivirus scan should be run, ideally using different antivirus solutions. Some users reported this after their system had been compromised (rootkits were found that were affecting the normal A/V scanning).

In many cases, this type of event is recorded as "The description for event ID(1) in source (F-Secure Gatekeeper) can not be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE=flag to retrieve this description; see help and support for details. The following information is part of the event:<file for which the real-time scanning failure occurred>".
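
To identify which files are failing, the following added example (not F-Secure or eventid.net code) extracts the intercepted file from both forms of the description quoted above and counts failures per file. It assumes the event descriptions have already been exported as text; the function names, the sample paths and the repeat threshold are made up for illustration.

```python
import re
from collections import Counter

# Form 1: the message DLL is present and the full description is rendered.
FULL = re.compile(r"Intercepted file name=(.+?)(?:\. For more information|$)", re.S)
# Form 2: "description ... can not be found"; the file is the trailing insertion string.
RAW = re.compile(r"The following information is part of the event:\s*(.+)$", re.S)

def intercepted_file(description):
    """Return the file named in an event ID 1 description, or None if absent."""
    text = description.strip()
    for pattern in (FULL, RAW):
        match = pattern.search(text)
        if match:
            # Drop the sentence-ending period some renderings append (assumption).
            return match.group(1).strip().rstrip(".").strip()
    return None

def triage(descriptions, repeat_threshold=3):
    """Group failures by file; repeat_threshold is an arbitrary example cut-off."""
    counts, unparsed = Counter(), 0
    for description in descriptions:
        path = intercepted_file(description)
        if path is None:
            unparsed += 1
        else:
            counts[path.lower()] += 1  # Windows paths are case-insensitive
    return {
        "recurring": sorted(p for p, n in counts.items() if n >= repeat_threshold),
        "other": sorted(p for p, n in counts.items() if n < repeat_threshold),
        "unparsed": unparsed,
    }

# Constructed sample descriptions (paths are made up for this example).
HEAD = "Real-time scanning failure occurred. Intercepted file name="
TAIL = ". For more information, please visit the customer support web pages."
NO_DLL = ("The description for event ID(1) in source (F-Secure Gatekeeper) can not "
          "be found. The following information is part of the event:")
SAMPLE = [
    HEAD + r"C:\Temp\app.lock" + TAIL,
    HEAD + r"C:\Temp\archive.zip" + TAIL,
    NO_DLL + r"C:\TEMP\APP.LOCK",
    HEAD + r"C:\Temp\app.lock" + TAIL,
    "Service started.",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A file that appears under "recurring" is the first one to inspect when deciding between an exclusion and a real problem; entries counted as "unparsed" are descriptions that name no file.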
