Hi All,

What is the best practise applying on srpm for alert if any client become source of attack, any client spreading worm accross network? please submission your best reporting or alert through mail on SEPM so being a SEPM i can act quick getting alerts?

See chetan and others comments

https://www-secure.symantec.com/connect/forums/brute-force-notification-sepm-1215

 

Edit

Best practices articles for Symantec Endpoint Protection (SEP)

Article:TECH181685

|

Created: 2012-02-17

|

Updated: 2014-10-22

|

Article URL http://www.symantec.com/docs/TECH181685

Threat remediation

Troubleshoot and respond to threats that may be on your endpoints.

• Best Practices for Troubleshooting Viruses on a Network http://www.symantec.com/docs/TECH122466
  
   
• Best practice for collecting logs on a possibly infected computer http://www.symantec.com/docs/TECH165403
  
   
• Best Practices for responding to "Left Alone" in the virus or threat history log http://www.symantec.com/docs/TECH101661
  
   
• Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe http://www.symantec.com/docs/TECH98360
  
   
• Best practices for removal of w32.Downadup http://www.symantec.com/docs/TECH177757
  
   
• Best practices for remediating W32.Qakbot infected networks http://www.symantec.com/docs/TECH158678

 

The alerting is fine but the response is the key. Make sure your operations and security teams get the alerts but do you have an incident response procedure in place? You'll want to get the trouble machines off the network immediately for remediation.