About the information in the Risk reports and log

Article:HOWTO27548  |  Created: 2010-01-09  |  Updated: 2010-01-20  |  Article URL http://www.symantec.com/docs/HOWTO27548
Article Type: How To


The Risk reports and log include information about risk events on your management servers and their clients. Also, TruScan proactive threat scan activity is reported in Risk reports.

See About the information in the TruScan proactive threat scan reports and logs.

Table: Risk reports and log summary describes some typical uses for the kind of information that you can get from Risk reports and log.

Table: Risk reports and log summary

Log and report types

Typical uses

Infected and At Risk Computers report

Use this report to quickly identify the computers that need your attention because they are infected with a virus or a security risk.

This report consists of two tables. One table lists computers that have a virus infection. The other table lists the computers that have a security risk that has not yet been remediated.

Detection Action Summary report

Use this report to identify the actions that were taken when risks were detected. This information also appears on the Symantec Endpoint Protection Home page.

This report consists of a table that shows a count of all the possible actions that were taken when risks were detected. The possible actions are Cleaned, Suspicious, Blocked, Quarantined, Deleted, Newly Infected, and Still Infected.

Risk Detections Count report

Use this report to identify the domains, groups, or particular computers that have the largest number of risk detections. You can then investigate why some entities seem to be at greater risk than others in your network.

This report consists of a pie chart, a risk table, and an associated relative bar. It shows the total number of risk detections by domain, server, or computer. If you have legacy Symantec AntiVirus clients, the report uses the server group rather than the domain.

New Risks Detected in the Network report

Use this report to identify and track the impact of new risks on your network.

This report includes a table and a distribution pie chart.

For each new risk, the table provides the following information:

  • Risk name

  • Risk category or type

  • First discovered date

  • First occurrence in the organization

  • Scan type that first detected it

  • Domain where it was discovered (server group on legacy computers)

  • Server where it was discovered (parent server on legacy computers)

  • Group where it was discovered (parent server on legacy computers)

  • The computer where it was discovered and the name of the user that was logged on at the time

The pie chart shows new risk distribution by the target selection type: domain (server group on legacy computers), group, server (parent server on legacy computers), computer, or user name.

Top Risk Detections Correlation report

Use this report to look for correlations between risks and computers, users, domains, and servers.

This report consists of a three-dimensional bar graph that correlates virus and security risk detections by using two variables. You can select from computer, user name, domain, group, server, or risk name for the x and y axis variables. This report shows the top five instances for each axis variable. If you selected computer as one of the variables and there are fewer than five infected computers, non-infected computers may appear in the graph.

Note:
For computers running legacy versions of Symantec AntiVirus, the server group and parent server are used instead of domain and server.

Risk Distribution Summary report

Risk Distribution Over Time report

Use these reports to track the distribution of risks. You can also use them to pinpoint particular risks, domains, groups, servers, computers, and users that seem to have more problems than others. You can use Risk Distribution Over Time to see how these risks change over time.

The Risk Distribution Summary report includes a pie chart and an associated bar graph that displays a relative percentage for each unique item from the chosen target type. For example, if the chosen target is risk name, the pie chart displays slices for each unique risk. A bar is shown for each risk name and the details include the number of detections and its percentage of the total detections. Targets include the risk name, domain, group, server, computer, user name, source, risk type, or risk severity. For computers running legacy versions of Symantec AntiVirus, the server group and parent server are used instead of domain and server.

The Risk Distribution Over Time report consists of a table that displays the number of virus and security risk detections per unit of time and a relative bar.

Action Summary for Top Risks report

Use this report to review the actions that were taken on the risks that Symantec Endpoint Protection has detected in your network.

This report lists the top risks that have been found in your network. For each, it displays action summary bars that show the percentage of each action that was taken when a risk was detected. Actions include quarantined, cleaned, deleted, and so on. This report also shows the percentage of time that each particular action was the first configured action, the second configured action, neither, or unknown.

Number of Notifications report

Number of Notifications Over Time report

Use these reports to refine how you create and configure notifications in your network.

The Number of Notifications report consists of a pie chart with an associated relative bar. The charts show the number of notifications that were triggered by the firewall rule violations that you have configured as important to be notified about. It includes the type of notifications and the number of each.

The Number of Notifications Over Time report consists of a line chart that displays the number of notifications in the network for the time period selected. It also contains a table that lists the number of notifications and percentage over time. You can filter the data to display by the type of notification, acknowledgment status, creator, and notification name.

Weekly Outbreaks report

Use this report to track risk outbreaks week by week.

This report displays the number of virus and security risk detections per week, and a relative bar for each, for the specified time range. A range of one day displays the past week.

Comprehensive Risk Report report

Use this report to see all of the distribution reports and the new risks report information at one time.

By default, this report includes all of the distribution reports and the new risks report. However, you can configure it to include only certain of the reports. This report includes the information for all domains.

Risk log

Use this log if you need more specific information about any of the areas in the Risk reports. For example, you can use the Risk log to see details about the risks that were detected on the computers where risks are often found. You can also use the Risk log to see details about security risks of a particular severity that have affected your network.


See About the reports you can run.


Legacy ID: 349968

