Symantec Intruder Alert device status (Windows and UNIX)

Module: Discovery

Supported Platforms: UNIX, Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check examines the specified TCP ports on targeted devices and reports devices that are not running Symantec Intruder Alert. To report computers that could run Symantec Intruder Alert but are not (candidates), enable the Profile candidate devices option. To report computers that are running Symantec Intruder Alert, enable the Report if found option.

The following table lists the error messages for the check.

Table: Error messages for Symantec Intruder Alert device status

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESMM_INV_ADDRQUAL

Category: System Information

  • UNIX (45500)

  • Windows 2000 (45500)

  • Windows 2003 (45500)

  • Windows 2008 (45500)

  • Windows Vista (45500)

  • Windows XP (45500)

Title: Invalid address qualifier

Description:The specified address qualifier is not valid. Each target address has four parts with periods separating the parts, and can represent one or more IP addresses. Each part consists of a number between 1 and 254, a range of numbers, or a wildcard character (* or ?). A range of numbers is specified as n-m where n is the lower limit and m is the upper limit. If the lower limit is not specified (for example, -127), 1 is used. If the upper limit is not specified (for example, 17-), 254 is used. A * represents the range of numbers 1-254. A ? represents the matching part of the agent's IP address. For example, if you specify ?.?.?.* and the executing agent's address is 172.17.7.55, the result is the same as 172.17.7.*.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMM_TIMED_OUT

Category: System Information

  • UNIX (45506)

  • Windows 2000 (45506)

  • Windows 2003 (45506)

  • Windows 2008 (45506)

  • Windows Vista (45506)

  • Windows XP (45506)

Title: Timed out while profiling

Description:Communications with the address/host timed out profiling.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMM_ITA_FOUND

Category: System Information

  • UNIX (45512)

  • Windows 2000 (45512)

  • Windows 2003 (45512)

  • Windows 2008 (45512)

  • Windows Vista (45512)

  • Windows XP (45512)

Title: ITA found

Description:Symantec Intruder Alert was found at the address or on the host.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMM_ITA_CANDIDATE

Category: System Information

  • UNIX (45513)

  • Windows 2000 (45513)

  • Windows 2003 (45513)

  • Windows 2008 (45513)

  • Windows Vista (45513)

  • Windows XP (45513)

Title: ITA candidate

Description:Symantec Intruder Alert was not found at the address or on the host, and the responding hardware appears to be a candidate for a Symantec Intruder Alert installation.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: ESMM_NOT_ITA_CANDIDATE

Category: System Information

  • UNIX (45514)

  • Windows 2000 (45514)

  • Windows 2003 (45514)

  • Windows 2008 (45514)

  • Windows Vista (45514)

  • Windows XP (45514)

Title: Non-ITA candidate

Description:Symantec Intruder Alert was not found at the address or on the host, and the responding hardware does not appear to be a candidate for a Symanec Intruder Alert installation. Common measures employed to secure computers can prevent the Discovery module from identifying remote operating systems. The more secure a remote computer, the less likely the Discovery module will be able to identify the operating system. If the Discovery module cannot identify the operating system of a remote computer, Symantec ESM reports this message.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]