Endpoint Protection

Hello,

We have configured the client security alert notification type to send notifications by email when any of the following event types are detected:

Compliance Events
Network Threat Protection Events
Traffic Events
Packet Events

As I understand it Network Threat Protection in SEP is comprised of Network intrusion prevention and browser intrusion prevention. The notifications do arrive for network intrusion prevention events but nothing for browser intrusion prevention events.  I know this because we had a browser intrusion event on 7/30 which appeared in a scheduled report the following day but the notification alert was not received.

*attached screenshot of the client security alert configuration*

Matt

Yea you would/should get these for both network and browser, what's the exact version here?

Hi Brian

We're on 12.4104.4130

Strangely the console reports this as 12.1.4100.4126

I obtained that via help -> about

nm the first is the console manager version :)

Have you ever gotten an alert for browser IPS? Sounds more like an alert was just missed and it happened to be for the browser IPS.

I don't believe i've ever noticed a browser IPS alert - we only enabled the client security alerts around 2 months ago.  What do you mean "an art was just missed" ?

Sorry, meant "alert", just corrected it :)

In all honesty, you may want to check in with Symantec.

You can try deleting and re-creating the event. The main issue is I doubt you can easily re-produce this problem unless you know which malicious site(s) to visit.

Okay i'll give the recreate a shot at least - i agree re-producing will be a problem but at least it shows up as a report so we should be aware if another occurs.

If it doesn't work i'll open a Symantec ticket.

Will update this when i know more!

Sounds good :)