Filename field is empty on threat log

Reply
Highlighted
L2 Linker

Filename field is empty on threat log

Dear Patrons,

 

There are two IPS in place with following configuration.

 

  • Objects > Security Profiles > Antivirus (Reset- Both)
  • Objects > Security Profiles > Anti-Spyware (no detail found)
  • Objects > Security Profiles > Vulnerability Protection (Reset- Both)

But we noticed that one IPS shows the filename in threat log (setup.exe) but in other IPS the filed is empty.

 

Threat name: (common on both the IPS) virus/win32.wgeneric

 

Dynamic updates are same on both the Firewalls.

 

Someone let me know what's odd in here?

 

Best Regards,

Pradeep


Accepted Solutions
L0 Member

Re: Filename field is empty on threat log

Hey Pradeepkumar064,
 
I am running into the same issue. This might help.
 

View solution in original post


All Replies
Highlighted
L7 Applicator

Re: Filename field is empty on threat log

hi pradeep

 

do you have a file blocking profile in place ?

a filename will only appear in the log where the filename is relevant

in a threat profile you are unlikely to encounter filenames as it is focussed on network layer attacks. antivirus and antispyware target 2 different types of threats so one may find something in a file whil ehte other doesn't match or finds something else

 

without more concrete examples of what you're facing it's difficult to give you a more solid answer

reaper - PANgurus.com
I drink and I know things
Highlighted
L2 Linker

Re: Filename field is empty on threat log

@reaper 

 

Thanks for your kind response, let me collect the required details and reach out to you.

 

Best Regards,

Pradeepkumar

L0 Member

Re: Filename field is empty on threat log

Hey Pradeepkumar064,
 
I am running into the same issue. This might help.
 

View solution in original post

Highlighted
L2 Linker

Re: Filename field is empty on threat log

@Coxje Thanks for the KB, really helpful.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!