Endpoint Protection

  • 1.  Action Required is Yes in Daily Status Report

    Posted Feb 04, 2013 04:36 PM

    Hello,

    My environment is running SEP 12.1.  Just logged into the SEPM and clicked on "Symantec Endpoint Protection Daily Status" under Favorite Reports.  One of the virus detections I reviewed in this report shows that an item was quarantined.  There are a few pieces of information about that detection including "Action Required."  For this one detection "Action Required" is equal to Yes.  So I copied the workstation ID, went into Monitors and checked the Risk Logs for this machine.  I found a corresponding event for the malware that was detected on that machine.  I see that there is a + sign in the Action column.  If I click on this + sign, I have 3 options.  Is this the Action Required that I saw in the Daily Status Report?  If not, what does action required mean in that Daily Status report?

    Thanks in advance,

    Bob



  • 2.  RE: Action Required is Yes in Daily Status Report

    Posted Feb 04, 2013 04:42 PM

    What were the 3 options?

    Usually the daily status report is just an overview of virus detection counts, definitions counts, etc.

    This is simply telling you that you may need to take action on a virus. If the risk was mitigated by the SEP client, you usually have to take no action and the SEPM will automatically reflect this. A couple of KB articles on this:

    Viewing a daily or weekly status report

    Article: HOWTO80812  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL: http://www.symantec.com/docs/HOWTO80812

    Monitoring endpoint protection

    Article: HOWTO81011  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL: http://www.symantec.com/docs/HOWTO81011

     



  • 3.  RE: Action Required is Yes in Daily Status Report

    Posted Feb 04, 2013 04:50 PM

    Hi,

    The three choices are "Allow application", "Block application" and "Trust Web Domain".  From what I can see, choosing one of these applications will add the application to an Exception policy.  According to the event in the Risk Logs, SEP quarantined the item.  

    Bob



  • 4.  RE: Action Required is Yes in Daily Status Report
    Best Answer

    Posted Feb 04, 2013 04:58 PM

    Yes, those 3 options are related to excluding the risk. Not sure if you want to exclude it but that's up to you.

    Otherwise, if the risk was actioned (deleted, cleaned, quarantined), SEPM will reflect the change and it should be removed from the report.