Source: Norton Antivirus
The description for Event ID ( 4097 ) in Source ( Norton AntiVirus ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: The file <path to file> is infected with the <virus name> virus., Unable to delete this file.
Concepts to understand:
What is a DLL?
What is causing the “The description for Event ID ( … ) in Source ( …. ) cannot be found…”?
The message indicates that Norton Antivirus has detected a virus. The message is not displayed properly because the Norton Antivirus event log message DLL is not configured properly.
Upon checking what DLL Norton Antivirus was using to write to the event log, I found it was trying to use s32alogn.dll. However, on my original Norton Antivirus CD and hard drive, this DLL was not present; s32alogo.dll was there instead. By editing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Norton Antivirus and changing s32alogn.dll to s32alogo.dll, all the events recorded properly.
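The check described in the comment above can be run across every event source on a machine. The script below is an added example, not part of the original comment or of any Norton tooling. It assumes the standard Windows layout, in which each source is a subkey of a log key under the EventLog service key and names its message DLL in the EventMessageFile value; the function name Get-BrokenEventSource is hypothetical.

```powershell
# Added example: list event-log sources whose registered message DLL is
# missing on disk (the condition that produces "The description for
# Event ID ... cannot be found" in the viewer).
# Assumption: standard layout EventLog\<log>\<source>\EventMessageFile.

function Get-BrokenEventSource {
    param(
        [string]$Root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
    )

    foreach ($log in Get-ChildItem -Path $Root -ErrorAction SilentlyContinue) {
        foreach ($source in Get-ChildItem -Path $log.PSPath -ErrorAction SilentlyContinue) {
            $value = (Get-ItemProperty -Path $source.PSPath -Name EventMessageFile `
                        -ErrorAction SilentlyContinue).EventMessageFile
            if (-not $value) { continue }   # source registers no message file

            # The value may hold several DLL paths separated by semicolons.
            foreach ($entry in ($value -split ';')) {
                $path = [Environment]::ExpandEnvironmentVariables($entry.Trim())
                if (-not $path) { continue }

                # A bare file name is resolved by the loader's search path;
                # System32 is used here as an approximation of that lookup.
                if (-not [IO.Path]::IsPathRooted($path)) {
                    $path = Join-Path $env:SystemRoot "System32\$path"
                }

                if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
                    [pscustomobject]@{
                        Log        = $log.PSChildName
                        Source     = $source.PSChildName
                        MissingDll = $path
                    }
                }
            }
        }
    }
}

# Read-only audit: prints one row per source that points at a missing DLL.
Get-BrokenEventSource | Sort-Object Log, Source | Format-Table -AutoSize
```

A source that appears in the output will log events whose text cannot be rendered, which also means alerting rules that match on message text will not see antivirus detections from that source.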