MS Security Essentials & Envision Logging

Discussion created by RSA Admin Employee on Jul 16, 2013
Latest reply on Jul 22, 2013 by Sean Koniarz

Hi,

Long shot but here goes...

We are an Enterprise using SEP 12. A number of critical servers had problems with SEP, so the decision was made to move to an unmanaged non-enterprise AV platform, MS Security Essentials.

I want to at least have assurance that the AV is being updated, so I want to create an enVision report to accomplish this. I've added the impacted servers and can see Microsoft Antimalware references if I run an Event Viewer-Message View and filter on this. I see all references to Microsoft Antimalware here. I've added a sample below.

xx.xx.xx.xx%NICWIN-4-System_2001_Microsoft: System,rn=6007 cid=0x00000000 eid=0x000007d1,Mon Jul 15 22:11:01 2013,2001,Microsoft Antimalware,None,Error,Servername,None,,Microsoft Antimalware  has encountered an error trying to update signatures. New Signature Version:%b  Previous Signature Version:%b1.153.1309.0  Update Source:%bMicrosoft Update Server  Update Stage:%bSearch  Source Path:%bhttp://www.microsoft.com  Signature Type:%bAntiVirus  Update Type:%bFull  User:%bNT AUTHORITY \\SYSTEM  Current Engine Version:%b  Previous Engine Version:%b1.1.9607.0  Error code:%b0x80072efd  Error description:%bA connection with the server could not be established 

When I try and create a new Query I cannot find any of the Microsoft Antimalware references when running it under the 'Windows' table. Is there any other location that I should be looking for this information? Am hoping someone else has come across this problem before.

Regards,

Steve
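
The sample event above can also be checked outside the reporting tool. The following is an added example, not part of the original post and not enVision code: it parses the collected line and reports the latest signature-update failure per host. Assumptions: the comma field positions are inferred from the single sample in the post, the second input line is constructed, and the names `parse_event` and `failed_updates` are hypothetical.

```python
import re
from datetime import datetime

# Event line copied from the post (address and host name are redacted there).
SAMPLE = (
    r"xx.xx.xx.xx%NICWIN-4-System_2001_Microsoft: System,rn=6007 cid=0x00000000 "
    r"eid=0x000007d1,Mon Jul 15 22:11:01 2013,2001,Microsoft Antimalware,None,Error,"
    r"Servername,None,,Microsoft Antimalware  has encountered an error trying to "
    r"update signatures. New Signature Version:%b  Previous Signature Version:"
    r"%b1.153.1309.0  Update Source:%bMicrosoft Update Server  Update Stage:%bSearch"
    r"  Source Path:%bhttp://www.microsoft.com  Signature Type:%bAntiVirus  "
    r"Update Type:%bFull  User:%bNT AUTHORITY \\SYSTEM  Current Engine Version:%b  "
    r"Previous Engine Version:%b1.1.9607.0  Error code:%b0x80072efd  "
    r"Error description:%bA connection with the server could not be established "
)
# Constructed line from another event source, to show that it is skipped.
OTHER = ("xx.xx.xx.xx%NICWIN-4-System_7036_Service: System,rn=6008 cid=0x00000000 "
         "eid=0x00001b7c,Mon Jul 15 22:12:00 2013,7036,Service Control Manager,None,"
         "Information,Servername,None,,An example service entered the running state.")

# "Name:%bvalue" pairs; a value ends at the next "  Name:%b" or at end of line.
KV = re.compile(r"([A-Z][A-Za-z ]*?):%b(.*?)(?=\s{2}[A-Z][A-Za-z ]*?:%b|\s*$)")

def parse_event(line):
    """Return a dict for a Microsoft Antimalware event, or None for other lines."""
    _, sep, body = line.partition(": ")
    parts = body.split(",", 10)  # message is the 11th field and may contain commas
    if not sep or len(parts) < 11 or parts[4] != "Microsoft Antimalware":
        return None
    return {
        "time": datetime.strptime(parts[2], "%a %b %d %H:%M:%S %Y"),
        "event_id": int(parts[3]),
        "level": parts[6],
        "host": parts[7],
        "fields": {k.strip(): v for k, v in KV.findall(parts[10])},
    }

def failed_updates(lines):
    """Map host -> (previous signature version, error code) of its latest 2001 error."""
    latest = {}
    for ev in filter(None, map(parse_event, lines)):
        seen = latest.get(ev["host"])
        if ev["event_id"] == 2001 and (seen is None or ev["time"] > seen["time"]):
            latest[ev["host"]] = ev
    return {host: (ev["fields"].get("Previous Signature Version"),
                   ev["fields"].get("Error code"))
            for host, ev in latest.items()}
```

An empty `New Signature Version` together with a populated `Previous Signature Version`, as in the sample, shows the host is still running the older definitions.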