Explanation of Symantec Antivirus Corporate Edition Windows Event log entries
Symantec Antivirus Corporate Edition 8.x writes data to the Windows NT/2000 application event logs. These entries have Category and Event IDs.
The total number of categories is four. Each category corresponds to a different component of Symantec Antivirus and the category number indicates where the application event originated from. These are shown below:
Category number Where the event is from
1 From Quarantine/Q -Server
2 NAV services
3 Automatic Update/Virus Definitions
4 Any change to a server's configuration
The 24 different event actions, along with their event numbers and severity levels, are shown below
Event number Severity of event What occurred
1 Warning An on-screen alert was sent.
2 Informational A virus scan completed.
3 Informational A virus scan was started.
4 Informational Virus definitions have been updated.
5 Warning An infected file has been found.
6 Warning Error in opening a certain file.
7 Informational Loading virus definitions.
11 Error Error in sending/receiving SNMP trap.
12 Informational A configuration change has occurred.
13 Informational Shut down of NAV services.
14 Informational Start up of NAV services.
16 Informational Downloading of definition update.
18 Informational File sent to Q-Server.
19 Informational Scan and Deliver.
20 Error Back up of sample.
21 Error Virus scan aborted.
22 Error Error in loading RTS service.
23 Informational Services Loaded
24 Informational Services Unloaded
25 Informational Client Removed from Parent Server
26 Informational Scan Delayed (pause/snooze occurred)
27 Informational Scan Restarted
28 Informational Client Roamed to new parent server
29 Informational Client Roamed from parent server
Here are some examples to show how the above information can be put together to define the application event that has occurred.
Category number Event number What occurred
4 12 Configuration change
2 21 Scan canceled
2 6 Cannot open file to scan
2 3 Scan stopped
2 14 NAV service start up successful
1 5 An infected file has been found and quarantined
3 4 Virus definitions have been updated
Information taken from Symantec Support Document ID: 2002110112213648