Date/Time: 6/3/2010 12:00:15 AM
Reason: Blocked attachment outbreak
Related information: Blocked attachments detected 25 within 24 hr(s)
See the recommendations from Cisco: EV100433 (Configuring Host Scan and the Posture Module)
Antivirus applications can misinterpret the behavior of some of the applications included in the posture module and the Host Scan package as malicious. Before installing the posture module or Host Scan package, configure your antivirus software to "white-list" or make security exceptions for these Host Scan applications:
This event is recorded by TrendMicro antivirus when it detects a certain number of dangerous attachments within 24 hours. This may indicate a potential outbreak so extra caution has to be taken.