Loading...

Knowledge Center


McAfee managed products generated Event IDs listed in ePolicy Orchestrator
Technical Articles ID:   KB54677
Last Modified:  6/11/2019
Rated:


Environment

McAfee ePolicy Orchestrator (ePO) 5.x
McAfee Security for Domino (MSD) 7.x
McAfee Security for Exchange (MSME) 8.x

Summary

The following table lists Event IDs that are generated by McAfee managed products and listed in ePO. 
 
NOTES:
  • The managed products must be programmed to log specific events to the Event Viewer before the events can be displayed there.
  • To verify that a hotfix is installed, see the hotfix Release Notes for guidance.
Event ID Name Severity
1002 Task started successfully Informational
1003 Error starting Task Informational
1004 Task has completed successfully Informational
1005 Error while stopping task Informational
1024 Infected file found Critical
1025 Infected file successfully Cleaned Major
1026 Unable to clean infected file Critical
1027 Infected file deleted Major
1028 Unable to delete infected file Critical
1029 File to be excluded from scans Informational
1030 Unable to exclude item from scans Critical
1031 Infected file access denied Major
1032 Infected file was moved to quarantine area Major
1033 Unable to move infected file to quarantine Critical
1034 Scan completed. No viruses found Informational
1035 Scan was cancelled Informational
1036 Memory infected Critical
1037 Infected boot record found Critical
1038 Scan found infected files Critical
1039 Scan found and cleaned infected files Major
1040 Activity Log error Informational
1041 Scan reports memory allocation error Informational
1042 Path too long Warning
1043 Media is write protected Informational
1044 Specified media not found Informational
1045 Specified scan item is invalid Informational
1046 File I/O errors Informational
1047 Disk I/O errors Informational
1048 Scan reports general system error Informational
1049 Scan reported an internal application error Informational
1050 Unable to repair password protected Major
1051 Unable to scan password protected Major
1052 Infected Binder Object Critical
1053 Infected file found Critical
1054 Infected file deleted Major
1055 Unable to delete infected file Critical
1056 File moved to quarantine Major
1057 Unable to move infected file to quarantine Critical
1059 Scan Timed Out Major
1060 Boot sector virus was cleaned Major
1061 Error while cleaning boot sector virus Critical
1062 Error sending alert Informational
1063 Invalid options specified Informational
1064 Service was started Informational
1065 Service ended Informational
1066 Task started OK Informational
1067 Unable to start scheduled task Warning
1068 Scheduled task was stopped Informational
1069 Error stopping scheduled task Warning
1070 Task was successful Informational
1071 Task was cancelled Warning
1076 Error logging information Informational
1077 Memory allocation error Informational
1086 Scan Process Error Critical
1087 On-access Scan started Informational
1088 On-access scan stopped Informational
1089 Scan Settings Informational
1090 OAS stopped Warning
1091 JavaScript security violation detected and blocked Major
1092 Access Protection rule violation detected and blocked Minor
1093 Buffer Overflow detected; Blocked successfully Critical
1094 Port blocking rule violation detected Minor
1095 Access Protection rule violation detected and NOT blocked Minor
1099 Buffer Overflow detected and NOT blocked Critical
1100 Macro Detected in file Minor
1101 Macro Deleted from file Minor
1118 The update was successful Informational
1119 The update failed; see event log Warning
1120 The update is running Informational
1121 The update was cancelled Warning
1122 The upgrade is running Informational
1123 The upgrade failed; see event log Major
1124 The upgrade was cancelled Informational
1125 The DAT version was not new enough Informational
1126 Scan was cancelled by AutoUpdate of DAT files Warning
1127 OAS Scanning Engine Disabled Warning
1128 Scan time exceeded Warning
1129 Scan shut down by Windows Warning
1200 Process started Informational
1201 Process Ended Informational
1202 On-demand scan started Informational
1203 On Demand scan complete Informational
1204 Report OS & Serial Informational
1270 file infected. No cleaner available, quarantined successfully Major
1271 file infected. No cleaner available, heuristic detection, quarantined successfully Major
1272 file infected. Undetermined clean error, quarantined successfully Major
1273 file infected. Clean error, Encrypted file, quarantined successfully Major
1274 file infected. No cleaner available, quarantine failed Critical
1275 file infected. No cleaner available, heuristic detection, quarantine failed Critical
1276 file infected. Undetermined clean error, quarantine failed Critical
1277 file infected. Clean error, Encrypted file, quarantine failed Critical
1278 file infected. No cleaner available, file deleted successfully Major
1279 file infected. No cleaner available, heuristic detection, deleted successfully Major
1280 file infected. Undetermined clean error, deleted successfully Major
1281 file infected. Clean error, Encrypted file, deleted successfully Major
1282 file infected. No cleaner available, delete failed Critical
1283 file infected. Clean error, heuristic detection, delete failed Critical
1284 file infected. Undetermined clean error, delete failed Critical
1285 file infected. Clean error, Encrypted file, delete failed Critical
1286 file infected. No cleaner available, continued scanning (ODS) Critical
1287 file infected. Clean error, heuristic detection, continued scanning (ODS) Critical
1288 file infected. Undetermined clean error, continued scanning (ODS) Critical
1289 file infected. Clean error, Encrypted file, continued scanning (ODS) Critical
1290 file infected. No cleaner available, OAS denied access and continued Critical
1291 file infected. Clean error, heuristic detection, OAS denied access and continued Critical
1292 file infected. Undetermined clean error, OAS denied access and continued Critical
1293 file infected. Quarantine failed, deleted successfully Major
1294 file infected. Quarantine failed, delete failed Critical
1295 file infected. Move failed, continued scanning (ODS) Critical
1296 file infected. Move failed, denied access and continued (OAS) Critical
1297 file infected. Delete failed, quarantined Major
1298 file infected. Delete failed, quarantine failed Critical
1299 file infected. Delete failed, continued scanning (ODS) Critical
1300 file infected. Delete failed, denied access and continued (OAS) Critical
1500 Infected email cleaned Major
1501 Infected email quarantined Minor
1502 Unable to clean infected mail Critical
1503 Infected email detected Major
1504 Infected mail item deleted Critical
1505 Email content filtered Warning
1506 Email content blocked Warning
1507 Inbound email suspend for low disk Minor
1508 Inbound Mail Resumed Warning
1509 Startup request successfully processed Informational
1510 Shutdown request successfully processed Informational
1511 Warning - abnormal termination! Minor
1512 A maximum load condition is occurring! Major
1513 Mail virus quarantined and cleaned Minor
1514 Mail virus quarantined (not cleaned) Critical
1515 Infected email has had virus replaced Major
1800 Security for Domino: Task started successfully Informational
1801 Security for Domino: Error starting task Warning
1802 Security for Domino: Task has completed Warning
1803 Security for Domino: Error while stopping task Warning
1804 Security for Domino: File virus found and cleaned Warning
1805 Security for Domino: Infected file successfully quarantined Warning
1806 Security for Domino: Infected file deleted Warning
1807 Security for Domino Infected file ignored Warning
1808 Security for Domino Quarantined a Lotus Script Exception Warning
1809 Security for Domino Lotus Script Exception found and ignored Warning
1810 Security for Domino Quarantined a Formula Exception Warning
1811 Security for Domino Formula Exception found and ignored Warning
1812 Security for Domino Quarantined a Content Exception Warning
1813 Security for Domino Content Exception found and ignored Warning
1814 Security for Domino Unable to read configuration database Warning
1815 Security for Domino Unable to write to configuration database Warning
1816 Security for Domino AutoGO update unable to restart task Warning
1817 Security for Domino AutoGO update failed Warning
1818 Security for Domino: Attachments Blocked Warning
1850 Security for Domino - Packer detected Informational
1851 Security for Domino - Phish detection Informational
1852 Security for Domino - Scanner control filtering Informational
1853 Security for Domino - Signed mail (digital signature) Informational
1854 Security for Domino - Encrypted content is found in the mail Informational
1855 Security for Domino - Content is found to be corrupted Informational
1856 Security for Domino - DOS attack - Multiple Nesting Level, Max Expanded File Size & Max Scan Time Informational
1857 Security for Domino - A password set on an attachment Informational
1858 Security for Domino - The attachment is an archive or zip file that is password protected Informational
1859 Security for Domino - There is partial mime content or some external content Informational
1860 Security for Domino - Statistical event Informational
1900 New MIB File Available Informational
2000 Infected file found Critical
2001 Infected file successfully cleaned Critical
2002 Unable to clean infected file Critical
2003 Infected file deleted Critical
2004 Unable to delete infected file Critical
2005 File to be excluded from scans Informational
2006 Unable to exclude item from scans Informational
2007 Infected file access denied Critical
2008 Infected file was moved to quarantine area Critical
2009 Unable to move infected file to quarantine Critical
2010 Centralized Alerting - Infected file found Critical
2011 Centralized Alerting - Infected file successfully cleaned Critical
2012 Centralized Alerting - Unable to clean infected file Critical
2013 Centralized Alerting - Infected file deleted Critical
2014 Centralized Alerting - Unable to delete infected file Critical
2015 Centralized Alerting - File to be excluded from scans Informational
2016 Centralized Alerting - Unable to exclude item from scans Informational
2017 Centralized Alerting - Critical
2018 Centralized Alerting - Infected file was moved to quarantine area Critical
2019 Centralized Alerting - Unable to move infected file to quarantine Critical
2020 Boot record infection found Critical
2021 Boot record infection cleaned Critical
2022 Boot record infection clean error Critical
2023 New File Virus Found Critical
2024 New File Virus Found And Deleted Critical
2025 New File Virus Found But Move Failed Critical
2026 New File Virus Found And Moved Critical
2027 New File Virus Found But Move Failed Critical
2028 MBR Virus Found Critical
2100 Outbreak Rule Name Critical
2201 ePolicy Orchestrator Agent: Failed to install software package Warning
2202 ePolicy Orchestrator Agent: Install retry limit reached for software package Warning
2204 ePolicy Orchestrator Agent: Insufficient disk space to install software Warning
2208 ePolicy Orchestrator Agent: Insufficient disk space to download software Warning
2216 ePolicy Orchestrator Agent: Cannot install software due to OS version mismatch Warning
2232 ePolicy Orchestrator Agent: Enforce Policy Failed Warning
2264 ePolicy Orchestrator Agent: Property Collection Failed Warning
2328 ePolicy Orchestrator Agent: Enforce Task Failed Warning
2401 Update Successful Critical
2402 Update Failed Critical
2411 Deployment Successful Critical
2412 Deployment Failed Critical
2413 Attempt to uninstall ePolicy Orchestrator Agent Major
3000 Scan task completed. No viruses found Informational
3001 Task was cancelled Informational
3002 Virus found in Memory Critical
3003 Infected boot record found Informational
3004 Task found infected files Critical
3005 Task found and cleaned infected files Critical
3006 Task error while accessing activity log file Warning
3007 Task reports memory allocation error Warning
3008 Directory length access error Warning
3009 Media is write protected Warning
3010 Specified media not found Warning
3011 Specified scan item is invalid Warning
3012 File I/O errors Warning
3013 Disk I/O errors Warning
3014 Task reports general system error Critical
3015 Task reported an internal application error Critical
3016 Error opening Service Manager Warning
3017 Error starting drivers Critical
3018 Error occurred starting log subsystem Warning
3019 Error obtaining device driver versions Warning
3020 Invalid virus signature files Critical
3021 Scan engine error Critical
3022 Initialization error with scan buffer Warning
3023 Memory allocation error Warning
3024 Unknown error reported Warning
3025 Error sending new options to device driver Warning
3026 Error sending exclude information to the driver Warning
3027 Error sending move to folder to the driver Warning
3028 Error obtaining log data from device driver Warning
3029 Error occurred while enabling driver Warning
3030 Error occurred while disabling driver Warning
3031 Error while obtaining statistical data from driver Warning
3032 Error while trying to open/create activity log file Warning
3033 Activity log file maximum size reached Warning
3034 Unable to write the activity log file Warning
3035 Error launching a program upon virus infection Warning
3036 Error during initialization of the activity log file Warning
3037 Memory grant unavailable Warning
3038 Error writing to log Warning
3039 Centralized Alerting - Scan completed. No viruses found Informational
3040 Centralized Alerting - Scan was cancelled Informational
3041 Centralized Alerting - Virus found in Memory Critical
3042 Centralized Alerting - Infected boot record found Critical
3043 Centralized Alerting - Scan found infected files Critical
3044 Centralized Alerting - Scan found and cleaned infected files Critical
3045 Centralized Alerting - Error while accessing activity log file Warning
3046 Centralized Alerting - Scan reports memory allocation error Warning
3047 Centralized Alerting - Directory length access error Warning
3048 Centralized Alerting - Media is write protected Warning
3049 Centralized Alerting - Specified media not found Warning
3050 Centralized Alerting - Specified scan item is invalid Warning
3051 Centralized Alerting - File I/O errors Warning
3052 Centralized Alerting - Disk I/O errors Warning
3053 Centralized Alerting - Scan reports general system error Critical
3054 Centralized Alerting - Scan reported an internal application error Critical
3055 Error stopping drivers Critical
4600 WebShield - URL Blocked Critical
4650 Detected Spam Email Critical
4651 Spam Email Scanning Statistics Informational
4700 Failed to connect to CMA updater Informational
4701 Failed to connect to CMA scheduler Informational
4702 Failed to save schedule data into CMA Informational
8000 Infected item found Critical
8500 Banned item found Critical
8501 Encrypted/Corrupted item found Critical
8502 Item matched filtering criteria Critical
8503 Item matched spam criteria Critical
8601 Security for Exchange - McAfee Global Threat Intelligence file reputation failed Critical
8602 Security for Exchange - Failed to download DATs/Anti-Virus Engine Critical
8603 Security for Exchange - Insufficient disk space at the database location Critical
8604 Security for Exchange - Failed to load Anti-Virus Engine Critical
8605 Security for Exchange - On-demand Scan task failed Critical
8606 Security for Exchange - Failed to quarantine or log detections Critical
8607 Security for Exchange - Process RPCServ.exe failed to recreate Critical
8608 Security for Exchange - Failed to download Anti-Spam Rules Critical
8621 Security for Exchange - Failed to load VSAPIScanSource module Critical
8622 Security for Exchange - Failed to load TransportScan module Critical
8623 Security for Exchange - Postgres process stopped responding Critical
8624 Security for Exchange - RPCServ process stopped responding Critical
8625 Security for Exchange - Failed to load DLLhost Critical
8626 Security for Exchange - Product Service failed to start Critical
10016 scan started Informational
10017 scan finished Informational
10018 Informational Event Informational
10029 scan host started Informational
10030 scan host finished Informational
10031 module results Informational
10032 probe start Informational
10033 probe stop Informational
10034 Informational Event Informational
10046 probe results header Informational
10047 probe hop Informational
10048 update start Informational
10049 update stop Informational
10050 Informational Event Informational
10061 update results header Informational
10062 update download file Informational
10063 update installfile Informational
10064 crack started Informational
10065 crack finished Informational
10066 Informational Event Informational
10080 grind start Informational
10081 grind stop Informational
10082 Informational Event Informational
10094 smb grind status Informational
10095 smb grind result Informational
10096 sentry started Informational
10097 sentry finished Informational
10098 Informational Event Informational
10110 sentry results verbose Informational
10111 sentry results non-verbose Informational
10112 IDS start Informational
10113 IDS stop Informational
10114 Informational Event Informational
10127 IDS testing text Informational
10128 Upgrade start Informational
10129 Upgrade stop Informational
10130 Informational Event Informational
10143 upgrade results Informational
10144 AutoDiscovery start Informational
10145 AutoDiscovery stop Informational
10157 AutoDiscovery host started Informational
10158 AutoDiscovery host finished Informational
10159 AutoDiscovery results Warning
10160 ThreatScan start Informational
10161 ThreatScan stop Informational
10173 ThreatScan host started Informational
10174 ThreatScan host finished Informational
10175 ThreatScan results Warning
10176 Audit start Informational
10177 Audit stop Informational
10189 Audit host started Informational
10190 Audit host finished Informational
10191 Audit results Warning
11001 Intrusion detected (DTFW 7.5.x) or application blocked (DTFW 8.x) Major
11002 Failed Quarantine check Minor
12000 Rogue System Sensor started successfully Informational
12001 Rogue System Sensor failed to start Major
12002 Rogue System Sensor stopped Informational
13001 The machine is compliant or non-compliant with rules Informational
13002 System Compliance Profiler rule violation Major
14000 Entercept IPS Security Event Critical
14500 Entercept Firewall Event Critical
16000 Computers are non-compliant Informational
16001 Reserved for future use Informational
16002 Master Repository Update succeeded Informational
16003 Master Repository Update failed Informational
16004 Distributed Repository Replication succeeded Informational
16005 Distributed Repository Replication failed Informational
16006 New Rogue System detected Informational
16007 Subnet has become unmonitored by Rogue System Sensor Informational
16008 Active Directory Discovery task ran successfully Informational
16009 Active Directory Discovery task failed Informational
16012 Active Directory Discovery task added computers Informational
16013 Active Directory Discovery task removed computers Informational
21024 Unwanted program found Major
21025 Unwanted program successfully cleaned Major
21026 Unable to clean unwanted program Critical
21027 Unwanted program deleted Major
21028 Unable to delete unwanted program Critical
21031 Unwanted program access denied Major
21032 Unwanted program was moved to quarantine area Major
21033 Unable to move unwanted program to quarantine Critical
21036 Unwanted program found in memory Critical
21054 Unwanted program deleted Major
21055 Unable to delete unwanted program Critical
21056 Unwanted program moved to quarantine Major
21057 Unable to move unwanted program to quarantine Critical
21270 Unwanted program quarantined-no cleaner Major
21271 Unwanted program quarantined, Heuristics Major
21272 Unwanted program quarantined, can't clean Major
21273 Unwanted program quarantined, encrypted Major
21274 Unwanted program not cleaned or quarantined Critical
21275 Unwanted program, heuristics, quarantine failed Critical
21276 Unwanted program, clean error, quarantine failed Critical
21277 Unwanted program, encrypted, quarantine failed Critical
21278 Unwanted program, no cleaner, deleted Major
21279 Unwanted program, heuristics, no cleaner, deleted Major
21280 Unwanted program, clean error, deleted Major
21281 Unwanted program, encrypted, deleted Major
21282 Unwanted program, no cleaner, delete failed Critical
21283 Unwanted program, heuristics, delete failed Critical
21284 Unwanted program, clean error, delete failed Critical
21285 Unwanted program, encrypted, delete failed Critical
21286 Unwanted program, no cleaner, continued Critical
21287 Unwanted program, heuristics, continued Critical
21288 Unwanted program, clean error, continued Critical
21289 Unwanted program, encrypted, continued Critical
21290 Unwanted program, no cleaner, denied access Critical
21291 Unwanted program, heuristics, denied access Critical
21292 Unwanted program, clean error, denied access Critical
21293 Unwanted program, quarantine failed, deleted Major
21294 Unwanted program, quarantine failed, delete failed Critical
21295 Unwanted program, quarantine failed, continued Critical
21296 Unwanted program, quarantine failed, denied access Critical
21297 Unwanted program, delete failed, quarantined Major
21298 Unwanted program, delete failed, quarantine failed Critical
21299 Unwanted program, delete failed, continued Critical
21300 Unwanted program, delete failed, denied access Critical
21400 User-specified unwanted program found Major
21401 User-specified unwanted program, clean error, continued Critical
21402 User-specified unwanted program, clean error, quarantine failed Critical
21403 User-specified unwanted program, clean error, quarantined Major
21404 User-specified unwanted program, clean error, delete failed Critical
21405 User-specified unwanted program, clean error, deleted Major
21406 User-specified unwanted program was moved to quarantine area Major
21407 User-specified unwanted program, quarantine failed, delete failed Critical
21408 User-specified unwanted program, quarantine failed, deleted Major
21409 User-specified unwanted program, quarantine failed, continued Critical
21410 User-specified unwanted program deleted Major
21411 User-specified unwanted program, delete failed, quarantine failed Critical
21412 User-specified unwanted program, delete failed, quarantined Major
21413 User-specified unwanted program, delete failed, continued Critical
30000 Intrusion detected (firewall rule) Critical
34150 Security for Microsoft Exchange - Packer detected Informational
34151 Security for Microsoft Exchange - Phish detected Informational
34152 Security for Microsoft Exchange - Mail size filter rule triggered Informational
34153 Security for Microsoft Exchange - Signed content detected Informational
34154 Security for Microsoft Exchange - Encrypted content detected Informational
34155 Security for Microsoft Exchange - Corrupted content detected Informational
34156 Security for Microsoft Exchange - Denial of service triggered Informational
34157 Security for Microsoft Exchange - Protected content triggered Informational
34158 Security for Microsoft Exchange - Password protected content detected Informational
34159 Security for Microsoft Exchange - Blocked mime type detected Informational
34160 Security for Microsoft Exchange - statistics and average scan time Informational

Previous Document ID

6423643

Rate this document

Languages:

This article is available in the following languages:

English United States
Japanese

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.