Threat Alert triggered on computer but nothing is there

Has anyone seen a threat alert but nothing is listed in the details of the log regarding the threat. The only thing i see is the threat column which says "is ok" and the information column which says "event occurred during an attempt to access the file". That is the only information that was reported. There was another machine that reported a threat but in the log it only shows what is listed below:

Information
Event occurred on a file modified by the application: C:\Program Files\Internet Explorer\iexplore.exe.

Any help is greatly appreciated.

 

Are you using ESS or EAV? Maybe is a Firewall alert

 

It is happening to a couple of my computers. Right after they updated to 5746.

- Real-time file system protection
- Event occurred during an attempt to access the file.

Just using EAV so no firewall.

It also is occurring on one of my servers and when it does it locks the server and I have to power it off/on to get it back up. Server was running just fine on 5745 and if I remove EAV server runs just fine as well.

 

Please copy & paste here the entire line from the Threat log, not just the Information column.

 

For me that is the entire line in the thread log. The only thing that is populated is the Information column.

Entire line of the threat log for the XP SP3 computer having the issue:
Name Threat Action Information
Event occurred during an attempt to access the file.


Entire line of the thread log for the 2003 server that locks up:
Name Threat Action Information
Event occurred on a new file created by the application: C:\Program Files\Omtool\OmtoolServer\Bin\OmWfcGFArchiveU.exe.

 

This is happening on two computers so far.

Computer #1
XP sp2

EAV 4.2.67.10 Virus Sig 5747

Listed below is the entire line that is in the log.

Name Threat Action Information
Event occurred during an attempt to access the file.


Computer #2
XP sp2

EAV 4.0.474 Virus Sig 5747

Listed below is the entire line that is in the log.

Name Threat Action Information
Event occurred on a file modified by the application: C:\Program Files\Internet Explorer\iexplore.exe.

 

Good morning,

I just experienced the same thing in our corporate environment, with a computer running Windows XP SP3.

Same circumstances, it is currently on signature 5750 after doing an update from 5747.

 

Oh and were running ESET 3.0.695

 

I'm continuing to get a lot of these throughout our enterprise. What's going on?

Here are just a few examples all on different computers running XP SP3

Module On-demand scanner - Threat Alert triggered on computer xxxxxxx: C:\WINDOWS\$hf_mig$\KB2079403\update\eula.txt contains.

Module On-demand scanner - Threat Alert triggered on computer xxxxxxxx: Operating memory contains is OK.

Module On-demand scanner - Threat Alert triggered on computer xxxxxxx: C:\WINDOWS\$hf_mig$\KB2443105\update\update.exe contains.

Threat Alert triggered on computer xxxxxxxx: C:\WINDOWS\$hf_mig$\KB887472\update\update.ver contains.

Threat Alert triggered on computer xxxxxxx C:\orant\ora9i\network\tools\images\Connect.gif contains.

 

I am still having issues with this on more computers now.
Listed below are some more examples:

Computer #3
XP SP3
EAV 4.0.437 vir sig 5754
Name Threat Action Information
Event occurred during an attempt to access the file.


Computer #4
XP SP2
EAV 3.0.672 vir sig 5757
Name Threat Action Information
Event occurred on a new file created by the application: C:\Program Files\WordPerfect Office X3\Programs\wpwin13.exe.

Computer #5
XP SP3
EAV 3.0.672 vir sig 5757
Name Threat Action Information
Event occurred on a file modified by the application: C:\WINDOWS\System32\DLA\DLACTRLW.EXE.

 

I've had a few systems do this sporadically since last week:

All clients are updating definitions correctly and since this has spanned over 5 days it has occurred with multiple definition sets, but always on XP SP3 32-bit and 3.0.695 though that could easily just be because it is the bulk of our userbase.

 

Should the problem persist with the update 5759 or newer, let us know.

 

Code:

Name	Threat	Action	Information
	is OK		Event occurred during an attempt to access the file.

I also have been getting these on our corporate network since the start of the year.

Will be nice to get an explanation why these where classified as threat or where the false positives from a batch up virus signatures release?

An explantion will help in answering our clients why these warning where triggered.

Thanks.

 

It's most likely related to this problem. Should you still be getting these alerts, let us know.

 

Here's one that just happened:

Code:

19/01/2011 12:20:16 - During execution of Update on the computer somelaptop, the following warning occurred: An error occurred while downloading update files.

and machine...

Code:

Column Name	Value
Client Name	somelaptop
Computer Name	somelaptop
MAC Address	f04da2bba698
Primary Server	someserver
Domain	dsi_group.com
IP	10.x.x.x
Product Name	ESET NOD32 Antivirus BUSINESS EDITION
Product Version	4.2.64
Policy Name	Default Primary Clients Policy
Last Connected	2011-01-19 12:19:19
Protection Status Text	
Virus Signature DB	5795 (20110117)
Last Threat Alert	
Last Firewall Alert	
Last Event Warning	An error occurred while downloading update files.
Last Files Scanned	2
Last Files Infected	0
Last Files Cleaned	0
Last Scan Date	2011-01-17 14:17:42
Restart Request	
Restart Request Date	
Product Last Started	2011-01-19 08:18:51
Product Install Date	2011-01-17 11:32:51
Roaming User	
New Client	Yes
OS Name	Windows 7 Professional 6.1.7600
OS Platform	Microsoft Windows
HW Platform	32-bit
Configuration	Ready (3 hours ago)
Protection Status	Ready (4 hours ago)
Protection Features	Ready (2 days ago)
System Information	Ready (3 hours ago)
SysInspector	No Data
Custom Info	
Comment	

 

It's a completely different problem than the one discussed in this thread. Your error means that the update download failed for some reason (probably due to a problem with connectivity or an update server).