Filename field is empty on threat log
cancel
Showing results for 
Search instead for 
Did you mean: 

Filename field is empty on threat log

L2 Linker

Dear Patrons,

 

There are two IPS in place with following configuration.

 

  • Objects > Security Profiles > Antivirus (Reset- Both)
  • Objects > Security Profiles > Anti-Spyware (no detail found)
  • Objects > Security Profiles > Vulnerability Protection (Reset- Both)

But we noticed that one IPS shows the filename in threat log (setup.exe) but in other IPS the filed is empty.

 

Threat name: (common on both the IPS) virus/win32.wgeneric

 

Dynamic updates are same on both the Firewalls.

 

Someone let me know what's odd in here?

 

Best Regards,

Pradeep

1 ACCEPTED SOLUTION

Accepted Solutions

L0 Member
Hey Pradeepkumar064,
 
I am running into the same issue. This might help.
 

View solution in original post

4 REPLIES 4

L7 Applicator

hi pradeep

 

do you have a file blocking profile in place ?

a filename will only appear in the log where the filename is relevant

in a threat profile you are unlikely to encounter filenames as it is focussed on network layer attacks. antivirus and antispyware target 2 different types of threats so one may find something in a file whil ehte other doesn't match or finds something else

 

without more concrete examples of what you're facing it's difficult to give you a more solid answer

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

@reaper 

 

Thanks for your kind response, let me collect the required details and reach out to you.

 

Best Regards,

Pradeepkumar

L0 Member
Hey Pradeepkumar064,
 
I am running into the same issue. This might help.
 

View solution in original post

@Coxje Thanks for the KB, really helpful.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!