Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 9567 Source: MSExchangeIS

Source
Level
Description
Unexpected error 0x50a occurred in "EcVirusScanOneMessage".
Comments
 
As per ME967518, on a computer that is running Microsoft Forefront Security for Exchange Server or a third-party antivirus product, after you install Microsoft Exchange Server 2007 Service Pack 1, you may receive many MSExchangeIS warning events. This is a known issue with Exchange Server 2007 Service Pack 1 to be fixed in one of the future releasese.
See ME294336 for a list of new events that are introduced with Exchange 2000 Server SP1 for Virus Scanning API 2.0.
If this problem occurs when using Kaspersky Antivirus for Exchange 5.5/2000, then see the link to “Kaspersky Support QID 3587970” for information on this problem.
See the link to "Symantec Support Document ID: 2003032510470954" if you are running a Symantec product.
As per Microsoft: "This event can occur if the Exchange Server is running an antivirus application and there are problems with the application". See MSEX2K3DB and the link to "Network Associates Support Solution ID: NAI30195" for information on this event.


From Symantec Knowledge Base: "This error occurred when Symantec AntiVirus/ Filtering 3.0 for Microsoft Exchange (SAVFMSE) is installed. To solve this problem:
1. Dismount the mailbox store. (DO NOT STOP THE "MICROSOFT EXCHANGE INFORMATION STORE" SERVICE!)
2. Click Start, then click Run and type the following:
"C:\Program Files\exchsrvr\bin\isinteg" -s <your NetBIOS server name here> -fix -test alltests
NOTE: If the path is dragged into the Run line, it should appear in quotes. If not, then use short file names.
3. Open Windows Explorer and browse to the following path:
C:\Program Files\exchsrvr\mdbdata
4. Open the file Isinteg.pri with a text editor such as Notepad.
5. Examine the summary section at the end of the file. If the values for the following are not zero, then close the file and repeat Step 2 through Step 4 until the values for the following Totals are all zero.
Total errors
Total warnings
Total fixes
6. Re-mount the mailbox store."

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...