Endpoint Protection

  • 1.  Difference between "distinct computers", "any computer" and "single computer"

    Posted Apr 02, 2013 10:16 AM

    I am trying to set up notifications to detect a possible virus outbreak around the corner.

    When I am setting up the notification for "Risk Outbreak", I see there are three options for Outbreak Type:

     

    1. Occurrences on distinct computers

    2. Occurrences on any computer

    3. Occurrences on single computers

     

     

    Can you tell me what the difference is between "distinct computers", "any computer", and "single computers"? This is really vague. Please give an example.



  • 2.  RE: Difference between "distinct computers", "any computer" and "single computer"
    Best Answer

    Posted Apr 02, 2013 10:35 AM

     

    1. Occurrences on distinct computers - on these computers (on comp1, comp2, comp3, which are in different regions)

    2. Occurrences on any computer - any computer (comp1 ... comp3)

    3. Occurrences on single computers (comp1)



  • 3.  RE: Difference between "distinct computers", "any computer" and "single computer"

    Posted Apr 02, 2013 10:44 AM

    1. Occurrences on distinct computers

    Outbreak in a specific group

    2. Occurrences on any computer

    Outbreak on any computer

    3. Occurrences on single computers

    Outbreak on one single computer



  • 4.  RE: Difference between "distinct computers", "any computer" and "single computer"

    Posted Apr 02, 2013 11:37 AM

    I've always interpreted it as below (assuming the default 10 occurrences within 1 minute):

    1. Occurrences on distinct computers
      Any single machine can only be counted towards the total occurrences once (i.e. 10 different machines must report Risks within a minute)
    2. Occurrences on any computer
      Risks can come from any number of machines (i.e. 2 machines with 5 risks each could trigger the default thresholds, as could 4 machines with 3 risks each, but 9 machines with one risk each would not)
    3. Occurrences on Single computers
      All 10 risks reported come from the same machine


  • 5.  RE: Difference between "distinct computers", "any computer" and "single computer"

    Trusted Advisor
    Posted Apr 02, 2013 12:33 PM

    Hello,

    For Client security alert and Risk outbreak, specifies the type and extent of the outbreak that should trigger this notification.
     
    The outbreak type that you select results in the following information:
     
    • Occurrences on any computer
     
    The number of security events or risks that are found in the number of minutes that you set.
     
    • Occurrences on single computer
     
    The number of security events or risks that are found on computer name in the number of minutes that you set.
     
    • Occurrences on distinct computers
     
    The number of attacked computers or infected computers that are found in the number of minutes that you set.
     
    Note:  In this context, infected means that a risk was detected. It does not necessarily mean that the risk is still active.
     
    Hope that helps!!
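
The three counting rules as read in replies 4 and 5, run over constructed detection events. This is an added example, not part of the thread and not Symantec's code; the function names, the sliding-window handling and the sample events are assumptions, and the 10-in-1-minute threshold is the default mentioned in reply 4.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

def outbreak_triggered(events, mode, threshold=10, window=timedelta(minutes=1)):
    """Return True if `events` would cross the threshold under `mode`.

    events: (timestamp, computer) tuples sorted by time.
    mode:   "any", "single" or "distinct", as read in the thread.
    """
    recent = deque()      # events inside the sliding window
    per_host = Counter()  # risks per computer inside the window
    for ts, host in events:
        recent.append((ts, host))
        per_host[host] += 1
        # Assumption: an event older than `window` no longer counts.
        while ts - recent[0][0] > window:
            _, old = recent.popleft()
            per_host[old] -= 1
            if per_host[old] == 0:
                del per_host[old]
        if mode == "any":         # total risks, whichever machines report them
            value = len(recent)
        elif mode == "single":    # risks on the busiest single machine
            value = max(per_host.values())
        elif mode == "distinct":  # machines with at least one risk
            value = len(per_host)
        else:
            raise ValueError(f"unknown outbreak type: {mode}")
        if value >= threshold:
            return True
    return False

T0 = datetime(2013, 4, 2, 10, 0, 0)  # constructed start time

def sample(counts, step=1):
    """Constructed events: `counts` maps computer -> risks, one event per `step` s."""
    hosts = [h for h, n in counts.items() for _ in range(n)]
    return [(T0 + timedelta(seconds=i * step), h) for i, h in enumerate(hosts)]

if __name__ == "__main__":
    cases = {"2 machines x 5 risks": sample({"comp1": 5, "comp2": 5}),
             "10 machines x 1 risk": sample({f"comp{i}": 1 for i in range(10)}),
             "1 machine x 10 risks": sample({"comp1": 10}),
             "1 machine, 10 risks over 5 min": sample({"comp1": 10}, step=30)}
    for name, ev in cases.items():
        print(name, {m: outbreak_triggered(ev, m) for m in ("any", "single", "distinct")})
```

Under this reading, "any computer" fires in every case where "single" or "distinct" fires at the same threshold, so it is the broadest of the three settings.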