Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Symantec Endpoint eats Cisco security agent leventmgr.exe

This is only for info.

I was pretty sure that the CSA even protected themselves.

I assumed that the CSA did not give Symantec access to put the files that belong to the CSA in quarantine

We have run CSA and Symantec AV for almost 6 years.

On all our workstations / laptops

running with CSA as behavioral protection and Symantec for AV protection.

Now symantec started in their version 12.1 begun SONAR little as Cisco Sensor Base.

But now, Symantec don't trust CSA see my CSA log from CSA MC

The 'Symantec AntiVirus' service logged event code 51 into the application event log: 

Security  Risk Found!SONAR.ProcHijack!gen1 in File: c:\program  files\cisco\csagent\bin\leventmgr.exe by: SONAR scan.  Action: Reboot  Required.  Action Description: The file was quarantined successfully.

At 5 workstations I've got this event and the problem with this
is that CSA is not very active, however it has its system state but there is no log in the local log and there will not be sent logs to CSA MC and CSA MC sees these PCs as inactive in the CSA MC

I've now got the antivirus people believe, to trust CSA leventmgr.exe in symantec


Symantec Endpoint eats Cisco security agent leventmgr.exe

I believe Cisco has abdononed CSA. It is no longer in CSM 4.x

I usualy had to turn it off to get any work om my CSM server done. Sorry to hear you still have to fight these battles.

I'm glad it's gone.

- Bob

Community Member

Symantec Endpoint eats Cisco security agent leventmgr.exe

I do not think that we've had major challenges with CSA.

It is complex and can be many things in the CSA.

I would still argue that no other endpoint protection is on par with Cisco security agent, but I am not happy that Symantec can put a CSA file as leventmgr.exe quarantined.

CreatePlease to create content