Hi Team,
Please provide an explanation of all the fields in the syslog message below.
Jun 20 14:53:43 10.40.10.61 Jun 20 14:54:46 SymantecServer CORP: Potential risk found,Computer name: CORPE642,Detection type: 4,First Seen: Reputation was not used in this detection.,Application name: Microsoft® Windows® Operating System,Application type: Trojan Worm,Application version: 6.1.7600.16385,Hash type: SHA-256,Application hash: 0000000000000000000000000000000000000000000000000000000000000002,Company name: Microsoft Corporation,File size (bytes): 20992,Sensitivity: 127,Detection score: 0,COH Engine Version: ,Detection Submissions No,Permitted application reason: 0,Disposition: Good,Download site: ,Web domain: ,Downloaded by: ,Prevalence: Reputation was not used in this detection.,Confidence: Reputation was not used in this detection.,URL Tracking Status: Off,Risk Level: Reputation was not used in this detection.,Detection Source: N/A,Source: Heuristic Scan,Risk name: ,Occurrences: 1,c:\windows\system32\svchost.exe,"",Actual action: Left alone,Requested action: Left alone,Secondary action: Left alone,Event time: 2012-06-20 21:19:57,Inserted: 2012-06-20 21:54:46,End: 2012-06-20 21:19:57,Domain: Test,Group: My Company\Office,Server: CORP,User: SYSTEM,Source computer: ,Source IP: 0.0.0.0
The message says "Potential risk found", but the "Risk name:" field is blank.
What does this event say?
Regards,
Shalendra
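
As an added example that is not part of the original post: a Python sketch that splits the syslog line quoted above into its header parts, event text, named fields and positional tokens, and lists the fields that arrived empty. The function names, and the reading of the first timestamp and IP as a header added by the receiving host, are assumptions.

```python
import csv
import re

# The syslog line from the post, copied verbatim.
SAMPLE = r'Jun 20 14:53:43 10.40.10.61 Jun 20 14:54:46 SymantecServer CORP: Potential risk found,Computer name: CORPE642,Detection type: 4,First Seen: Reputation was not used in this detection.,Application name: Microsoft® Windows® Operating System,Application type: Trojan Worm,Application version: 6.1.7600.16385,Hash type: SHA-256,Application hash: 0000000000000000000000000000000000000000000000000000000000000002,Company name: Microsoft Corporation,File size (bytes): 20992,Sensitivity: 127,Detection score: 0,COH Engine Version: ,Detection Submissions No,Permitted application reason: 0,Disposition: Good,Download site: ,Web domain: ,Downloaded by: ,Prevalence: Reputation was not used in this detection.,Confidence: Reputation was not used in this detection.,URL Tracking Status: Off,Risk Level: Reputation was not used in this detection.,Detection Source: N/A,Source: Heuristic Scan,Risk name: ,Occurrences: 1,c:\windows\system32\svchost.exe,"",Actual action: Left alone,Requested action: Left alone,Secondary action: Left alone,Event time: 2012-06-20 21:19:57,Inserted: 2012-06-20 21:54:46,End: 2012-06-20 21:19:57,Domain: Test,Group: My Company\Office,Server: CORP,User: SYSTEM,Source computer: ,Source IP: 0.0.0.0'

# Assumption: the first timestamp and IP were prepended by the receiving
# syslog host; the second timestamp and "SymantecServer CORP" are the sender's.
HEADER = re.compile(
    r"^(?P<outer_time>\w{3} +\d+ [\d:]{8}) (?P<outer_host>\S+) "
    r"(?P<inner_time>\w{3} +\d+ [\d:]{8}) SymantecServer (?P<server>[^:]+): "
    r"(?P<body>.*)$"
)


def parse_sep_line(line):
    """Split one line into header parts, event text, named and positional fields."""
    match = HEADER.match(line.strip())
    if match is None:
        raise ValueError("line does not match the expected header layout")
    record = match.groupdict()
    # csv handles the quoted empty token (""); a value containing an unquoted
    # comma would still be split, which this sketch does not try to repair.
    tokens = next(csv.reader([record.pop("body")]))
    record["event"] = tokens[0]
    record["fields"], record["positional"] = {}, []
    for token in tokens[1:]:
        # Pad so "Key:" with nothing after it still splits; "c:\..." does not.
        key, sep, value = (token + " ").partition(": ")
        if sep:
            record["fields"][key.strip()] = value.strip()
        else:
            # No "Key: " prefix, e.g. the file path or "Detection Submissions No".
            record["positional"].append(token)
    return record


def empty_fields(record):
    """Names of the fields that arrived with no value, such as "Risk name"."""
    return [key for key, value in record["fields"].items() if not value]


if __name__ == "__main__":
    parsed = parse_sep_line(SAMPLE)
    print(parsed["event"], "| empty:", ", ".join(empty_fields(parsed)))
    for key, value in parsed["fields"].items():
        print(f"{key:28} = {value!r}")
    print("positional:", parsed["positional"])
```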