Symantec Anti-Virus Reference
Symantec (Norton) Anti-virus quick information.
Disclaimer! This is for my reference ONLY! I put this here for convenient
on-site reference.
This information became outdated around Corporate Edition V10.0, retained for now.
Situation:
You want to stop Symantec AntiVirus Corporate Edition 8.0 from logging
notifications to its own event log or to Windows NT's Event Viewer. This stops all logging to the specified
location and cannot be tailored to filter out certain logs. Use it sparingly, keeping in mind that it stops all
logging.
Solution:
Before sharing this information with customers, you must explain the potential
security risk. For example, a malicious user could disable logging, turn off AutoProtect, plant a Trojan,
re-enable AP and then re-enable logging. If you are uncertain whether to share this information with a
customer, consult with Level 2 support.
Within SAVCE 8.0, there are values in the registry that are responsible for
logging events into the event viewers. They are located in the following key:
HKLM\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Common
The 5 Values ("REG_DWORD") under Common are:
- AlertParent
- ForwardLogs
- LDVPEventLog
- MessageBox
- NTEventLog
See the note at the bottom of this document regarding LDVPEventLog and NTEventLog.
"Data" Field Values are:
- 0x00000000 (0) = False
- 0x00000001 (1) = True
To stop any of these logging features, place a "0" (zero) in the
data field.
NOTE: While the LDVPEventLog and NTEventLog values still exist in the registry, they no longer function as
expected. You will need to create replacement values and enter a 0 to stop logging:
- LDVPEventLog now should be LDVPCommonConfiguration
- NTEventLog now should be NTCommonConfiguration
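Because anyone who can write to this key can silence logging, it is worth checking the values periodically. The following is an added example, not part of the original reference or any Symantec tool: it parses the text output of `reg query` for the Common key and reports which logging values are set to 0. The function names and the sample output are constructed for illustration.

```python
import re

# Value names taken from the page. Per its note, LDVPEventLog and NTEventLog
# no longer function; the replacement names are the ones that stop logging.
LOGGING_VALUES = {"AlertParent", "ForwardLogs", "MessageBox",
                  "LDVPCommonConfiguration", "NTCommonConfiguration"}
LEGACY_VALUES = {"LDVPEventLog", "NTEventLog"}

# One data line of `reg query` output: "    Name    REG_DWORD    0x0"
_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_logging(text):
    """Classify the Common key's logging values.

    disabled:    functional logging values present and set to 0 (logging off)
    legacy_zero: legacy names set to 0 which, per the page's note, have no effect
    Values that are absent are not flagged: the page says the replacement
    values must be created and set to 0 before they stop logging.
    """
    values = parse_reg_query(text)
    disabled = sorted(n for n in LOGGING_VALUES if values.get(n) == 0)
    legacy = sorted(n for n in LEGACY_VALUES if values.get(n) == 0)
    return {"disabled": disabled, "legacy_zero": legacy}

# Constructed sample output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Intel\Landesk\VirusProtect6\CurrentVersion\Common
    AlertParent    REG_DWORD    0x1
    ForwardLogs    REG_DWORD    0x0
    LDVPEventLog    REG_DWORD    0x0
    MessageBox    REG_DWORD    0x1
    NTEventLog    REG_DWORD    0x1
    NTCommonConfiguration    REG_DWORD    0x0
"""

if __name__ == "__main__":
    result = audit_logging(SAMPLE)
    print("logging disabled:", result["disabled"])
    print("legacy values at 0 (no effect):", result["legacy_zero"])
```

Comparing the result against a known-good baseline for each machine makes an unexpected 0 stand out.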
Copyright © 1996-2024 Ohman Automation Corp. All rights reserved.