Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 400 Source: SymantecNetworkProtection

Level
Description
[SID: 27601] System Infected: Trojan.Viknok Activity 3 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE
Comments
 
From a support forum: "Just fixed this on a PC. There were continuous pop ups (System Infected: Trojan.Viknok Activity 3 attack blocked). I booted into Safe Mode w/Networking and launched Symantec Enterprise Protection (12.1.3001.165) so I could run a full scan. The GUI finally came up and the scan link was not available to select. I downloaded the Norton Power Eraser Beta and it scanned and found the rpcss.dll as a problem. I chose to repair it and it removed it. I rebooted and logged back in as the user and all seems fine so far."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...