Action Required is Yes in Daily Status Report
Hello,
My environment is running SEP 12.1. Just logged into the SEPM and clicked on "Symantec Endpoint Protection Daily Status" under Favorite Reports. One of the virus detections I reviewed in this report shows that an item was quarantined. There are a few pieces of information about that detection including "Action Required." For this one detection "Action Required" is equal to Yes. So I copied the workstation ID, went into Monitors and checked the Risk Logs for this machine. I found a corresponding event for the malware that was detected on that machine. I see that there is a + sign in the Action column. If I click on this + sign, I have 3 options. Is this the Action Required that I saw in the Daily Status Report? If not, what does action required mean in that Daily Status report?
Thanks in advance,
Bob
Comments 3 Comments • Jump to latest comment
What were the 3 options?
Usually the daily status report is just an overview of virus detection counts, definitions counts, etc.
This is simply telling you that you may need to take action on a virus. If the risk was mitigated by the SEP client, you usually have to take no action and the SEPM will automatically reflect this. A couple of KB articles on this:
Viewing a daily or weekly status report
Monitoring endpoint protection
SEP Knowledge Base
Endpoint SWAT
Hi,
The three choices are "Allow application", "Block application" and "Trust Web Domain". From what I can see, choosing one of these applications will add the application to an Exception policy. According to the event in the Risk Logs, SEP quarantined the item.
Bob
Yes, those 3 options are related to excluding the risk. Not sure if you want to exclude it but that's up to you.
Otherwise, if the risk was actioned (deleted, cleaned, quarantined), SEPM will reflect the change and it should be removed from the report.
SEP Knowledge Base
Endpoint SWAT
Would you like to reply?
Login or Register to post your comment.