Problem
This happens when you do not understand why some events are red / blue / yellow / green, etc.
Solution
EVENT NOTIFICATION located under MONITOR > EVENT
After deploying a modified prevention policy with the “Disable prevention” option Enabled, events will begin to show in the Monitor > Events tab. As the system receives the policy and system activity occurs, new Red DENY 
or Blue ALLOW 
warning, Green Successful/Information 
, and Maroon Critical 
events will begin to appear in the Management console. You can then handle those exceptions and configure the policy as required.
EXAMPLE:
|
Source Machine
|
Date
|
Event type
|
Severity
|
Description
|
|
SEPM1-TEST
|
10-Jul-2015 09:47:28 PDT
|
File Access
|
Warning
|
File Read Allowed for REPORTINGSERVICESSERVICE.EXE on \Device\Mup\win-q11o1qgmg36\PIPE\sql\query
|
|
|
|
|
|
|
|
admin-PC
|
10-Jul-2015 09:38:56 PDT
|
Agent Status
|
Information
|
Successfully updated the policy to WIN 7 BASIC OS sym_win_hardened_sbp 109
|
|
|
|
|
|
|
|
admin-PC
|
10-Jul-2015 09:26:55 PDT
|
Agent Status
|
Critical
|
Component LiveUpdate failed.
|
|
|
|
|
|
|
|
admin-PC
|
10-Jul-2015 09:26:55 PDT
|
File Access
|
Warning
|
File Write Denied for SISIPSSERVICE.EXE on C:\Windows\system32\drivers\symefasi\data\VT20150710.033
|
AGENT PANE located under ASSETS > NETWORK
EXAMPLE:
|
|
|
Name
|
IP Address
|
Version
|
OS
|
Last Contact
|
|
|
|
 Admin-PC
|
192.168.1.131
|
6.5.0.355
|
Windows
|
10-Jul-2015
|
The Agent health is displayed in first column of the agent Pane information
It indicates whether an agent is in contact with the management server. You can view agent properties to track the health of an agent. Agent health is denoted by a green, yellow, or red circle icon. A green icon indicates that an agent is online. A yellow icon indicates that an agent is possibly offline. A red icon indicates that an agent is offline. Separate yellow or red default values are provided for native and virtual agents
EXAMPLE:
|
Agent Health
|
|
|
Green
|
This Symbol means healthy
|
|
|
Yellow
|
This Symbol means Minor issue
|
|
|
Red
|
This symbol means major issues
|
The color of the agent health icon is determined using the following rules:
• Agent health is set to green when the last contact time or the last event time plus the yellow interval seconds is greater than the current time.
• Agent health is set to yellow when the last contact time or the last event time plus the yellow interval seconds is less than the current time and the last contact time or the last event time plus the red interval seconds is greater than the current time.
• Agent health is set to red when the last contact time or the last event time plus the red interval seconds is less than the current time.
The icon in the second column of the agent pane displays the agent feature state.
EXAMPLE:
|
Agent Feature Set
|
|
|
Shield
|
Prevention active
|
|
|
Shield with red X
|
Limited or No Prevention
|
|
|
Up Arrow
|
Prevention will be Re-enabled after reboot
|
|
|
Down Arrow
|
Prevention will be Disabled after reboot
|
|
|
Circle with Diagonal Line
|
Prevention completely disabled
|
- A shield icon indicates the agent is protected, but a red X through the shield indicates limited or no protection.
- If a driver is enabled but no policy is applied, the red X is displayed.
- An up arrow means the prevention feature is disabled, but will be enabled after a reboot, and a down arrow indicates the prevention feature is enabled, but will be disabled after a reboot. The agent continues to enforce the most recent prevention policy until the reboot. To stop enforcement before the reboot, apply the Null policy before disabling the prevention feature.
- A circle with diagonal line means the prevention feature is completely disabled.
The third column in the agent pane displays the agent name and status, such as:
EXAMPLE:
|
Agent Name Column
|
|
Default Font
|
No Pending Changes
|
|
BOLD
|
Pending changes received by server but not the agent
|
|
BOLD & ITALIC
|
Pending changes not yet received by SERVER
|
|
RED FLAG
|
Changes are pending and being processed
|
|
 EXCLAMATION
|
ERROR
|
- Normal lettering means there are no pending changes or outstanding errors.
- Bold lettering means pending changes to the agent that were received by the management server, but not applied to the agent. Check the agent’s property Status tab for information about the failed action, then decide how to manually solve the problem.
- Bold and italic lettering indicates pending changes to the agent’s configuration or policy assignment that have yet to be received by the management server. When the changes are applied to the agent, the lettering reverts to normal.
- Flag icon indicates changes to the agent’s configuration or policy assignment are pending.
- Exclamation icon means an error has occurred.