Endpoint Protection

 View Only

  • 1.  Comprehensive Risk Report

    Posted Jun 02, 2013 09:20 PM
      |   view attached

    I created a Comprehensive Risk Report by Month. In the report, found there is 17 SEP clients "Failed to Repair". What does this mean?



  • 2.  RE: Comprehensive Risk Report
    Best Answer

    Posted Jun 02, 2013 09:22 PM

    If SEP has no definition to repair the infection; If SEP had to delete the infection instead of repairing (trojans are deleted, viruses are repaired usually)



  • 3.  RE: Comprehensive Risk Report

    Posted Jun 02, 2013 10:57 PM

    yes, there is risk report in last month. In our setting, first action is clean, and second action is leave alone.

    So "Failed to Repair" includs "Left alone" action which we pre-defined in policy?

    "17" is the sum of occurrences number ?

     

    Event Source Risk Name Occurrences File Path Actual Action Requested Action Secondary Action Event Date
    Virus found Auto-Protect Suspicious.MH690 3 E:\Dept\study.exe Left alone Clean Leave alone (log only) 5/28/2013 15:52
    Virus found Auto-Protect Suspicious.MH690 1 E:\Dept\study.exe Left alone Clean Leave alone (log only) 5/28/2013 15:13
    Virus found Auto-Protect Suspicious.MH690 1 E:\Temp\130527\Dept\study.exe Left alone Clean Leave alone (log only) 5/27/2013 22:52
    Virus found Auto-Protect Suspicious.MH690 1 E:\Temp\130527\Dept\study.exe Left alone Clean Leave alone (log only) 5/27/2013 22:48
    Virus found Auto-Protect Suspicious.MH690 1 E:\Dept\study.exe Left alone Clean Leave alone (log only) 5/27/2013 17:57
    Virus found Auto-Protect Suspicious.MH690 8 E:\Dept\study.exe Left alone Clean Leave alone (log only) 5/27/2013 11:33
    Virus found Auto-Protect Suspicious.MH690 1 E:\Dept\study.exe Left alone Clean Leave alone (log only) 5/27/2013 10:24
    Virus found Auto-Protect Suspicious.MH690 1 E:\Dept\study.exe Left alone Clean Leave alone (log only) 5/27/2013 3:40


  • 4.  RE: Comprehensive Risk Report

    Posted Jun 02, 2013 11:22 PM

    Hello,

    E: is your removal drive ?



  • 5.  RE: Comprehensive Risk Report

    Posted Jun 02, 2013 11:23 PM

    Hello,

     

    These fileas are may be in your USB device, kindly scan the system in Safe Mode with Networking. Take the action which you want.



  • 6.  RE: Comprehensive Risk Report

    Posted Jun 02, 2013 11:35 PM

    If it is removable drive then take the action while connecting it.

    Try first in normal mode then Safe Mode with Networking.

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-121617-3748-99&tabid=2



  • 7.  RE: Comprehensive Risk Report

    Broadcom Employee