
Difference between "distinct computers", "any computer" and "single computer"

Created: 02 Apr 2013 • Updated: 02 Apr 2013 | 4 comments
This issue has been solved. See solution.

I am trying to set up notifications to detect a possible virus outbreak around the corner.

When I am setting up the notification for "Risk Outbreak", I see there are three options for Outbreak Type:

 

1. Occurrences on distinct computers
2. Occurrences on any computer
3. Occurrences on single computers

Can you tell me what is the difference between "distinct computers", "any computer", and "single computers"? This is really vague. Please give an example.


Rafeeq

1. Occurrences on distinct computers - on these computers (on comp1, comp2, comp3, which are in different regions)

2. Occurrences on any computer - any computer (comp1 ... comp3)

3. Occurrences on single computers (comp1)

SOLUTION
.Brian

1. Occurrences on distinct computers

Outbreak in a specific group

2. Occurrences on any computer

Outbreak on any computer

3. Occurrences on single computers

Outbreak on one single computer

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST

I've always interpreted it as below (assuming the default 10 occurrences within 1 minute):

  1. Occurrences on distinct computers
    Any single machine can only be counted towards the total occurrences once (i.e. 10 different machines must report Risks within a minute)
  2. Occurrences on any computer
    Risks can come from any number of machines (i.e. 2 machines with 5 risks each could trigger the default thresholds, as could 4 machines with 3 risks each, but 9 machines with one risk each would not)
  3. Occurrences on single computers
    All 10 risks reported come from the same machine

Mithun Sanghavi

Hello,

For Client security alert and Risk outbreak, specifies the type and extent of the outbreak that should trigger this notification.
 
The outbreak type that you select results in the following information:
 
• Occurrences on any computer
 
The number of security events or risks that are found in the number of minutes that you set.
 
• Occurrences on single computer
 
The number of security events or risks that are found on computer name in the number of minutes that you set.
 
• Occurrences on distinct computers
 
The number of attacked computers or infected computers that are found in the number of minutes that you set.
 
Note:  In this context, infected means that a risk was detected. It does not necessarily mean that the risk is still active.
 
Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
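
The three counting rules as SMLatCST and Mithun Sanghavi describe them in this thread, written as a sliding-window check over risk events. This is an added example, not Symantec's code and not part of any post above; the function names, the `(seconds, computer)` event tuples and the reading of "within 1 minute" as a sliding 60-second window are assumptions.

```python
from collections import Counter, deque


def outbreak_triggers(events, threshold=10, window_s=60):
    """Return the outbreak types whose threshold is reached in any window.

    events: (epoch_seconds, computer) tuples sorted by time (assumed format).
    "any"      -> total risk events in the window, whatever the source
    "single"   -> risk events reported by one and the same computer
    "distinct" -> number of different computers reporting at least one risk
    """
    fired = set()
    window = deque()      # events currently inside the time window
    per_host = Counter()  # events per computer inside the window
    for ts, host in events:
        window.append((ts, host))
        per_host[host] += 1
        # Expire events that are window_s seconds old or older.
        while ts - window[0][0] >= window_s:
            _, old_host = window.popleft()
            per_host[old_host] -= 1
            if per_host[old_host] == 0:
                del per_host[old_host]
        if len(window) >= threshold:
            fired.add("any")
        if max(per_host.values()) >= threshold:
            fired.add("single")
        if len(per_host) >= threshold:
            fired.add("distinct")
    return fired


def sample(hosts, risks_per_host, step_s=1):
    """Constructed test data: events spread round-robin over `hosts` machines."""
    total = hosts * risks_per_host
    return [(i * step_s, f"pc{i % hosts}") for i in range(total)]


if __name__ == "__main__":
    cases = {
        "10 machines x 1 risk": sample(10, 1),
        "2 machines x 5 risks": sample(2, 5),
        "1 machine x 10 risks": sample(1, 10),
        "9 machines x 1 risk": sample(9, 1),
        "1 machine, 10 risks, 1 per minute": sample(1, 10, step_s=60),
    }
    for name, evts in cases.items():
        print(f"{name:36s} -> {sorted(outbreak_triggers(evts)) or 'no alert'}")
```

Under these rules "any computer" is the broadest setting: whatever trips "single" or "distinct" at the same threshold also trips "any", so choosing it trades specificity for coverage.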