
Action Required is Yes in Daily Status Report

Created: 04 Feb 2013 • Updated: 04 Feb 2013 | 3 comments
This issue has been solved. See solution.

Hello,

My environment is running SEP 12.1.  Just logged into the SEPM and clicked on "Symantec Endpoint Protection Daily Status" under Favorite Reports.  One of the virus detections I reviewed in this report shows that an item was quarantined.  There are a few pieces of information about that detection including "Action Required."  For this one detection "Action Required" is equal to Yes.  So I copied the workstation ID, went into Monitors and checked the Risk Logs for this machine.  I found a corresponding event for the malware that was detected on that machine.  I see that there is a + sign in the Action column.  If I click on this + sign, I have 3 options.  Is this the Action Required that I saw in the Daily Status Report?  If not, what does action required mean in that Daily Status report?

Thanks in advance,

Bob


.Brian's picture

What were the 3 options?

Usually the daily status report is just an overview of virus detection counts, definitions counts, etc.

This is simply telling you that you may need to take action on a virus. If the risk was mitigated by the SEP client, you usually have to take no action and the SEPM will automatically reflect this. A couple of KB articles on this:

Viewing a daily or weekly status report

Article: HOWTO80812 | Created: 2012-10-24 | Updated: 2013-01-30 | Article URL: http://www.symantec.com/docs/HOWTO80812

Monitoring endpoint protection

Article: HOWTO81011 | Created: 2012-10-24 | Updated: 2013-01-30 | Article URL: http://www.symantec.com/docs/HOWTO81011

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

BzlBob's picture

Hi,

The three choices are "Allow application", "Block application" and "Trust Web Domain".  From what I can see, choosing one of these applications will add the application to an Exception policy.  According to the event in the Risk Logs, SEP quarantined the item.  

Bob

.Brian's picture

Yes, those 3 options are related to excluding the risk. Not sure if you want to exclude it but that's up to you.

Otherwise, if the risk was actioned (deleted, cleaned, quarantined), SEPM will reflect the change and it should be removed from the report.

SOLUTION