Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 257 Source: AlertManagerEventInterface

Level
Description
Alert Manager Event Interface: Alert Manager Event Interface unable to send alert to \\<server name>\pipe\AlertManager. Error returned = <error message>
Comments
 
We were migrating files from an old server to a new server. This error popped up when I copied the "autorun.inf" file from a Windows Server CD (installed on the old server) in a folder. It would not copy to the new server. Open McAfee 8.0i Virus Scan Console, right click on Access Protection, click on File, Folder, go to Share Protection Tab and uncheck the rule "Prevent Remote Creation of autorun.inf files". You may have to uncheck other options as we had issues with copying PIF files.
Go to the "McAfee Knowledge Search" page and search for the specified solutions, for information on this event: Solution ID nai26666, Solution ID nai10789, Solution ID nai31549, Solution ID NAI29696, Solution ID: nai8070, Solution ID nai22227, Solution ID: nai27786, Solution ID KB38545, Solution ID nai36941, Solution nai30108, Solution ID kb44915, Solution ID kb45060, Solution ID kb45059, Solution ID kb45126, Solution ID kb45172, Solution ID kb45424, Solution ID kb45509, and Solution ID kb46414.

See "EventID 257 from source AlertManager" for additional information on this problem.
As per NAI knowledgebase: "The Alert Manager service is not started when VirusScan Enterprise 7.0 sends an alert that the MCSHIELD service has started. This causes Event ID 257 to be generated for the Alert Manager Interface.

This error can be safely ignored. McAfee Alert Manager 4.7 can take longer to start than McAfee VirusScan Enterprise 7.0, causing this event to occur, but it is not indicative of a problem with VirusScan Enterprise or Alert Manager.

IMPORTANT: Network Associates recommends against setting a dependency on the VirusScan Enterprise services to cause them to wait until the Alert Manager service starts. This could compromise anti-virus protection on the machine."
Error message: "Access is denied." - See Error code 5.
Error message: "The network path was not found." - See Error code 53.
Error message: The system cannot find the file specified." - See Error code 2.
Error Message: "The system cannot find the file specified." - From a newsgroup post: "Enable Alert Manager (C:\ProgramFiles\commonFiles\NetworkAssociates \AlertManager\amgrcnfg.exe). You must turn Alerting on in the client, and there are two settings that are required to get it right. Go to the Virus Scan AlertingConfiguration panel, check the radio button for "Enable centralized alerting", click on Configure, and browse the the alert location.Also, check to see if you're running VirusScan Alert Manager under the SYSTEM account. SYSTEM can't write to network drives.  It's a localmachine account with no network access. If you need to, rerun the install of McAfee, and make sure the Alert Manager service is installed during that process."


Error Message: "The network path was not found." - From a newsgroup post: "If you install McAfee Alert Manager as a cluster resource, both nodes have a copy of Alert Manager installed. However, Alert Manager will be running on only one node at a time. Moreover, by default, the scanner on each node sends messages to its own Alert Manager. As a consequence, only the scanner on the currently active node can trigger alert messaging. The scanner on the inactive node is unable to send alerts. Try to uninstall the Antivirus Software, reapply NT and Exchange Service Packs and test Mail before reapplying the Antivirus Software."
McAfee AlertManager is not started on the target machine. This service needs to be running for the named pipe to exist.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...