17.5: Security History "Identity" Logs

Hi, Everyone,

 

Just looked at my Security History "Identity" Log section, and discovered that the last time it Logged a Log here was December 21, 2009.

 

 

X.P.; 3.  N.I.S..

 

 

 

 

Mine is full of what Antiphising version I am using now and when it was updated.

Also noticed that there has been no Anti-Phishing Updates for more than 24Hours.

 

 

 

 

 

Are you looking in 2 different logs or the same one? In my identity log it is all about antiphising.why does yours show logged in last year? I think you have covered the disscussion on the antiphising updates in a few posts:smileyhappy:

The Logs in the Security History show that the last time the Product Logged something there was in December 2009; do not ask me why this is as I have got no idea.  This is why I turned to the good-old Norton Community to see if anyone could shed any light on this.

 

 

 

Hi Floating_Red,

 

It is unusual that no recent entries appear under the Identity log category on your machine. As mo observed, that category contains log entries from when the Antiphishing definitions are downloaded and applied. The Antiphishing definitions are updated frequently, and there have been numerous updates since Dec. 21.

 

Let's try to identify whether it is an issue with logging or with downloading definitions. First, please open the folder: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\WebProtectionDefs\

 

You should find a subfolder named with a number, like "20100202.002". The first 8 numbers correspond to the definitions date, and that example is Feb. 2, 2010. Dec 21, 2009 would be 20091221.xxx. What definition date do you find?

 

Also try triggering a log entry. Launch your web browser, navigate to http://www.symantec.com, then click the Norton toolbar menu and select "Report Site". Click Submit in the "Report as a Phishing Site" dialog. Wait a few minutes, then open the Security History window and check under the "All Activity : Recent History" category. You should see a log entry containing the text, "User submitted URL "http://www.symantec.com/...."

 

Thanks,

John

 

Hi jlatino0,

 

I believe that there is a problem with the Identity logs.  In working on a thread last week where the OP was reporting no recent Antiphishing updates, I checked my Identity logs and discovered the last reported update was from almost a month earlier.  Yet looking at the actual definitions folder, the Antiphishing definitions were completely up to date.  The OP in that thread was able to confirm the same situation.  It appears that although the program continues to update, at some point the Norton HIstory Identity log stops creating new entries.  My best guess is that the program just stops logging rather than overwrite the oldest data, as I believe it is supposed to do.  Clearing the Identity log fixes the problem and the program once again logs all Identity/Antiphishing activities normally from that point.  This is something I believe you should look into as it seems to be an actual bug in the logging function.  The earlier thread I referenced can be found here:

 

http://community.norton.com/t5/Norton-360/When-were-your-anti-phising-definitions-last-updated/m-p/197238/highlight/true#M26178

Interesting...just for a reference my latest is for the 2 feb 2010 and the log starts on the 27 dec 2009. I do occasionally clear all logs.

 updates,

I just received antiphishing definitions version 20100202.003 and 20100204.001

until now, I hadn't received an update since Feb. 1st at 11:34 PM and that version was 201002.02.002

Hi

 

I know this says it is for business, but could this possibly have something to do with these identity logs? I'm probably way off base.

 

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348

Hi, “John”, Everything else seems to be working fine, it’s just the Identity, Anti-Phishing, Logs seems to have stopped being Logged. And I know that the Anti-Phishing Updated are Released, on average, every two hours. I have got up-to-date Web Protection Definitions as well, and, like I mentioned, it seems there is indeed a Bug with the Logging. Once the section is full, it should start re-placing the oldest Logs with the Newest ones, so, for example, if the section holds 150 Log Files, then once it has been reached to 150 Logs in the Identity section of the Norton Security Hsitory, then the very oldest Log should be Removed and Re-Placed by the Newest one.

Many thanks to Floating_Red for reporting this problem and everyone else for providing information about your logs and definition dates. We were able to reproduce the problem in-house and, as you've noticed, it is a logging failure.  Luckily, it is in no way related to the SEP date issue and would not have any impact on the actual updating of definitions; definitions are still downloaded and installed even though log entries may not be posted. We are investigating the logging issue.

 

- John

Well done Red!!

Many thanks, John, for the information; please Update us with how developments go.

 

I also experienced a lagging of the Logging of the Using Definitions [Definitions' Date and Version]; it would take, sometimes, up to an hour for the "Using" to appear in the Security History, whereas the "Downloaded" Log would be Logged as soon as the W.P.D. were Downloaded.