Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Rule ID 0 on the Threat Discovery Appliance (TDA)

    • Updated:
    • 5 Jun 2014
    • Product/Version:
    • Threat Discovery Appliance 2.5
    • Platform:
    • Not Applicable N/A
Summary
There are many entries about Rule ID 0 in the logs, but users cannot see this rule in the rule list.
Details
Public
VSAPI and Network Virus Engine or NVE (the title varies depending on the protocol and direction)
Rule ID: 0
Fields of interest: detectionname, filename, filenameinarc, protocol, direction
  1. Malicious files being sent over various protocols and can be detected by VSAPI
  2. Network worms and attacks can be detected by NVE
  3. NVE detections have custom protocols in TDA that begin with “Network Virus Pattern”
  4. It cannot be assumed that a machine is infected simply because it downloaded a VSAPI-detected file. It is possible that it was not executed or it was caught by an endpoint security solution.
    However, if the direction is internal for VSAPI or NVE detections, then the source host is likely to be infected and propagating malware to the destination host.
  5. If there is no detectionname, then the log is not for a detection, but rather a debug message meaning that a constraint was met (file corrupted or too large to scan).
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1055671
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.