Event ID: 4097 Source: NortonAntivirus

Level
Description
The description for Event ID ( 4097 ) in Source ( Norton AntiVirus ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: The file <path to file> is infected with the <virus name> virus., Unable to delete this file.
Comments
 
The message indicates that Norton Antivirus has detected a virus. The message is not displayed properly because the Norton Antivirus event log message DLL is not configured properly.
Upon checking what DLL Norton Antivirus was using to write to the event log, I found it was trying to use s32alogn.dll. However, on my original Norton Antivirus CD and hard drive, this DLL was not present; s32alogo.dll was there instead. By editing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Norton Antivirus and changing the s32alogn.dll to s32alogo.dll, all the events recorded properly.
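
The check described in the comments above, generalized to every registered event source, as an added example that is not part of the original comments or of any vendor tooling. It assumes the standard Windows `EventMessageFile` registry value (the value name is not quoted on the page), and the function name `Get-BrokenEventMessageFile` is hypothetical.

```powershell
# Added example: list event sources whose registered message file is missing on disk,
# which is the condition that produces "The description for Event ID ... cannot be found".
function Get-BrokenEventMessageFile {
    param(
        # Root of the event log registrations; each log and each source is a subkey.
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    )
    foreach ($log in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        foreach ($source in Get-ChildItem -LiteralPath $log.PSPath -ErrorAction SilentlyContinue) {
            # Read the unexpanded value so %SystemRoot% etc. are expanded explicitly below.
            $raw = @($source.GetValue('EventMessageFile', $null,
                                      'DoNotExpandEnvironmentNames')) -join ';'
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }

            # One value may name several message files separated by semicolons.
            foreach ($entry in ($raw -split ';')) {
                $path = [Environment]::ExpandEnvironmentVariables($entry.Trim())
                if ($path -eq '') { continue }

                # Assumption: a bare file name is looked up in the system directory.
                if (-not [IO.Path]::IsPathRooted($path)) {
                    $path = Join-Path ([Environment]::SystemDirectory) $path
                }

                if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                    [pscustomobject]@{
                        Log         = $log.PSChildName
                        Source      = $source.PSChildName
                        Registered  = $entry.Trim()
                        MissingFile = $path
                    }
                }
            }
        }
    }
}

# Report every source that points at a file which does not exist.
Get-BrokenEventMessageFile | Sort-Object Log, Source | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell session so that protected log keys are readable and file-system redirection does not hide files under System32.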
