This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scanning error message

Good morning,

I've noticed over the last few week the below message keeps popping up, i've tried a search but found nothing.

Virus/ spyware detected

Mal/Generic-S

Event Decode Unavailable (Event Number: "-532873130" Message Code: "SAVXP.3762094166" Inserts: "","","","","") [0xe03d0056]

Running Sophos Enterprise Console 5.2.1 R2 on Server 2012 R2

Any help appreciated.

:50974


This thread was automatically locked due to age.
Parents
  • Hello "all",

    the message is The on-access driver failed to determine the name for a file (Der On-Access-Treiber konnte den Namen für eine Datei nicht ermitteln). - you'll find it in the endpoint's SAV.txt. Likely nothing to worry about (unless it happens frequently).

    As for the decoding error - it has perhaps already been corrected.

    Christian

    :52535
  • Is there perhaps a KB article on this or more information on how it's resolved or why it's occuring? I at this time have 4 machines that have this error.
  • Hello AdrecDeRue,

    which of the errors are you referring to by it? There are two:

    1. Event Decode Unavailable - this is en error in SEC, the culprit is, I think, SavRes.dll in ...\Enterprise Console\SavProviders\XP\ which doesn't have an entry (i.e. a corresponding message) for error code 0xe03d0056 sent by the endpoint
    2. failed to determine the name - this is an error raised in the file system filter driver. As there is a specific message it's not totally unexpected, but don't ask me about the underlying cause or whether this signifies something to investigate further (likely not, but I might be wrong)

    1) is a minor bug (or flaw) in SEC, 2) might justify an explaining article. For both perhaps your best course of action is to make the query "official" using the Submit Query form.

    Christian

Reply
  • Hello AdrecDeRue,

    which of the errors are you referring to by it? There are two:

    1. Event Decode Unavailable - this is en error in SEC, the culprit is, I think, SavRes.dll in ...\Enterprise Console\SavProviders\XP\ which doesn't have an entry (i.e. a corresponding message) for error code 0xe03d0056 sent by the endpoint
    2. failed to determine the name - this is an error raised in the file system filter driver. As there is a specific message it's not totally unexpected, but don't ask me about the underlying cause or whether this signifies something to investigate further (likely not, but I might be wrong)

    1) is a minor bug (or flaw) in SEC, 2) might justify an explaining article. For both perhaps your best course of action is to make the query "official" using the Submit Query form.

    Christian

Children
No Data