Symantec SEP DB query: Risk Action Taken Status Codes

 

ACTUALACTION_IDX (int, NOT NULL) is a pointer to the table ‘actualaction’; it records the action taken on the risk.

Select * from ACTUALACTION

-1    Action Failed
1    Quarantined
2    Renamed
3    Deleted
4    Left alone
5    Cleaned
6    Cleaned or Macros Deleted
7    Saved
9    Move Back
10    Rename Back
11    Undo
12    Bad
13    Backup
14    Pending Repair
15    Partially repaired
16    Reboot Pending
17    Exclude
18    Reboot Processing
19    Cleaned by deletion
20    Access Denied
21    Process Terminated
22    No Repair Available
23    No Action Taken
98    Suspicious
99    Details Pending
100    IDS block
101    FW violation
110    CALDetection
111    ForcedDetection
1000   ForcedHashDetection
200    Attachment stripped
500    Not applicable

Query filter to list all un-cleaned risk events is: ALERTS.ACTUALACTION_IDX not IN (1,3,5,6,19,200)
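The filter above, applied in a join that labels and counts the un-cleaned events per action. This is an added example, not part of the original post: it runs against an in-memory SQLite stand-in with constructed rows, and the label column name ACTUALACTION and the EVENT_ID column are assumptions, not taken from the page.

```python
import sqlite3

# Codes the page's filter treats as remediated; everything else counts as un-cleaned.
REMEDIATED = (1, 3, 5, 6, 19, 200)

# Subset of the ACTUALACTION rows listed above.
ACTIONS = [(-1, "Action Failed"), (1, "Quarantined"), (3, "Deleted"),
           (4, "Left alone"), (5, "Cleaned"), (14, "Pending Repair"),
           (19, "Cleaned by deletion"), (20, "Access Denied")]

# Constructed sample events: (hypothetical EVENT_ID, ACTUALACTION_IDX).
SAMPLE_ALERTS = [(1, 1), (2, 4), (3, 5), (4, -1), (5, 4), (6, 20), (7, 19), (8, 14)]

# The page's filter, joined to the lookup table for readable labels.
# The label column name ACTUALACTION is an assumption.
QUERY = """
SELECT a.ACTUALACTION_IDX, aa.ACTUALACTION, COUNT(*) AS EVENTS
FROM ALERTS a
JOIN ACTUALACTION aa ON aa.ACTUALACTION_IDX = a.ACTUALACTION_IDX
WHERE a.ACTUALACTION_IDX NOT IN ({placeholders})
GROUP BY a.ACTUALACTION_IDX, aa.ACTUALACTION
ORDER BY EVENTS DESC, a.ACTUALACTION_IDX
"""

def uncleaned_summary(alerts=SAMPLE_ALERTS):
    """Return [(code, label, count)] for events the filter leaves un-cleaned."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ACTUALACTION "
               "(ACTUALACTION_IDX INT PRIMARY KEY, ACTUALACTION TEXT)")
    db.execute("CREATE TABLE ALERTS (EVENT_ID INT, ACTUALACTION_IDX INT NOT NULL)")
    db.executemany("INSERT INTO ACTUALACTION VALUES (?, ?)", ACTIONS)
    db.executemany("INSERT INTO ALERTS VALUES (?, ?)", alerts)
    # Bind the code list as parameters instead of pasting it into the SQL text.
    sql = QUERY.format(placeholders=",".join("?" * len(REMEDIATED)))
    rows = db.execute(sql, REMEDIATED).fetchall()
    db.close()
    return rows

if __name__ == "__main__":
    for code, label, count in uncleaned_summary():
        print(f"{code:>4}  {label:<20} {count}")
```

Codes such as 14 (Pending Repair) and 20 (Access Denied) stay in the result because the filter excludes only the six listed codes.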
