Missing AV Logs

[KorpDeath]

So they assume because you get no response that should be good? CA can't possibly be that stupid, I mean, I knew they were pretty dumb from my experience trying to get support from them but this just takes the cake.

IMO - The console should be flexible enough to allow you to turn on or off any level of logging, even if you just want to verify that the scan came up clean. Even with minimal logging it should tell what drives it scanned and how many files, etc. etc.

[AngelicKnight]

Exactly! I keep hoping that it's there and I'm just overlooking it somehow, but I have yet to find anything. Grr...Indeed, silence hardly equates safety, I don't know what the deal is.

[AngelicKnight]

And here's something else, though I'm not sure if it's related to the problem. On the server administering the AV, I get this log under General Events:

Type: Critical
Source: Admin Server
Code: 47
Description: The admin server could not communicate with the proxy <adminservername>.<ourdomain>, error 1717. The request has been lost.

Once again, more meaningless error codes! Yay!

Two things don't make sense too me:

1) First and foremost, we don't use a proxy!
2) The admin server can't communicate with itself?

[KorpDeath]

Not that that is an indication of anything bad happening but If I were you I'd check all logins that relate to AV system, service logins, etc. etc. Then I'd go through every nook na d cranny of that admin program to see if you just missed something.

Other than that if the AV proggy doesn't have the ability to log that stuff then you, my friend, are what they call "ass out". Sorry. CA sucks, what else can I say.

If you're good withbatch files maybe you could set something up that drops a file on the users system after a succesfully completed scan, but I wouldn't. That's too much work, for very little, IMO.

peace

[DjM]

Sorry, I haven't got time to check this out now, but can't you created an audit policy which will cut a record into the eventlog when something happens? I am thinking here, creating an audit policy on the scan process, cut a record when it starts, cut another record when it stops. Like I said I don't have time to check it but maybe someone here can confirm or deny if it can be done.

Cheers:

[AngelicKnight]

Oh, good thinking, DjM! And lo and behold, did some more digging through the administrative view and found where it's set up to e-mail alerts to my address. I hadn't given that option much thought since it's already running and doesn't regard logging, but when I took a look into it's configuration, I found this:

1) It has an option to log to EventViewer (which was disabled)
2) It was set to only report alerts, not informational logs

So, I've enabled both of those. Hopefully that's the magic fix *crossing fingers*. We'll know soon!

[nihil]

Hi Angelic~

Just checked mine (single user)...........you should have:

viruslog.txt
RT_log.txt

The first is for system scanning, and the second for real time scanning.

I have checked it with viruses and without viruses, and you should still get a log telling you about the object locked system files that it could not check.

I have an option to list "all scanned files" or just problem ones...............perhaps if you tell it to list all scanned files, it will tell you if it works?

Otherwise, I can prepare you a little folder of "fun stuff" that should get it going

ONLY TO BE USED ON A TEST MACHINE NOT CONNECTED TO A NETWORK

You just copy the folder and run your AV..............it should go ballistic?

Please let me know..........

Cheers