Email virus alerts have less info compared to SAV 10
In SAV 10.1.7.7000 I had alerts configured to email me when SAV found a threat on a computer and the info I received looked like what is below:
Virus found:
Alert: 27644
Virus name: Trojan.Packed.NsAnti
Computer: COMPUTERNAME
IP address: 10.10.10.10
File/Path: F:/itsduel.exe
User: USERNAME
Alert date/time in reporting server time: 2009-03-20 01:48:48
Database insert date/time: 2009-03-20 01:53:11
Source: Auto-Protect scan
Description:
Actual action: Quarantined
Server group: AME-LIL-10.1
Parent server: NOSAPP02
Client group:
This alarm was generated at 2009-03-20 01:55:08 (Reporter Host Time).
This alarm was generated by Randy, with the following filters:
Server group: AME-LIL-10.1
Client group: *
Parent server: *
Computer: *
Virus name: *
Source:
The alerts that I have setup for SEP MR4 MP1a look like what is below:
Message from:
Server name: amevmsepm01
Server IP: 10.10.10.10
At least one security risk found:
Risk name: W32.Downadup!autorun
Event time: 2009-03-23 12:25:48 GMT
Database insert time: 2009-03-23 12:32:20 GMT
User: SYSTEM
Computer: DGWATHOMAS02
IP Address: 10.?.?.?
Domain: Default
Server: amevmsepm01
Client Group: My Company\AME\DGW
Action taken on risk: Cleaned by deletion
The main thing that bothers me is the alerts from SEP do not contain the File/Path that was infected.
Attached is a screenshot of the settings for the "Single Risk Event" notification/alert I am using.
Does anyone know how to get File/Path info included in the alerts?
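As an added illustration of the gap described above (this is example code written for this page, not anything from the thread or from Symantec), the parser below reads the two alert formats quoted in the post, maps their differently named fields onto one set of triage fields, and reports which fields an alert is missing. The two sample alert bodies are constructed from the text quoted above; the alias table and the choice of "triage fields" are assumptions, not anything documented for SAV or SEPM.

```python
"""Parse SAV 10 and SEP email alert bodies and flag missing triage fields.

Example code for this thread; the alert texts are constructed from the
two formats quoted in the original post, the field aliases are an assumption.
"""

# Constructed sample: the SAV 10.x Reporter alert format quoted above.
SAV_ALERT = """Virus found:
Alert: 27644
Virus name: Trojan.Packed.NsAnti
Computer: COMPUTERNAME
IP address: 10.10.10.10
File/Path: F:/itsduel.exe
User: USERNAME
Alert date/time in reporting server time: 2009-03-20 01:48:48
Database insert date/time: 2009-03-20 01:53:11
Source: Auto-Protect scan
Description:
Actual action: Quarantined
Server group: AME-LIL-10.1
Parent server: NOSAPP02
Client group:
"""

# Constructed sample: the SEP MR4 "Single Risk Event" format quoted above.
SEP_ALERT = r"""Message from:
Server name: amevmsepm01
Server IP: 10.10.10.10
At least one security risk found:
Risk name: W32.Downadup!autorun
Event time: 2009-03-23 12:25:48 GMT
Database insert time: 2009-03-23 12:32:20 GMT
User: SYSTEM
Computer: DGWATHOMAS02
IP Address: 10.?.?.?
Domain: Default
Server: amevmsepm01
Client Group: My Company\AME\DGW
Action taken on risk: Cleaned by deletion
"""

# Assumed alias table: lower-cased label in the email -> canonical field name.
FIELD_ALIASES = {
    "virus name": "threat",
    "risk name": "threat",
    "file/path": "path",
    "actual action": "action",
    "action taken on risk": "action",
    "computer": "computer",
    "user": "user",
    "ip address": "ip",
    "alert date/time in reporting server time": "time",
    "event time": "time",
}

# Fields a responder needs before deciding whether to dispatch someone.
TRIAGE_FIELDS = ("threat", "computer", "path", "action")


def parse_alert(text):
    """Return {canonical_field: value} for the labelled lines of an alert body.

    Splits each line at its first colon, so a drive letter in the path or the
    colons inside a timestamp stay in the value. Blank values are skipped.
    """
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if not sep:
            continue  # header or free-text line with no label
        canonical = FIELD_ALIASES.get(label.strip().lower())
        if canonical and value.strip():
            fields[canonical] = value.strip()
    return fields


def missing_triage_fields(text):
    """List the triage fields the alert does not report, in TRIAGE_FIELDS order."""
    present = parse_alert(text)
    return [name for name in TRIAGE_FIELDS if name not in present]


def summarize(text):
    """One-line, phone-sized summary that says what still needs a console lookup."""
    f = parse_alert(text)
    line = "; ".join([
        f"{f.get('threat', '?')} on {f.get('computer', '?')}",
        f"action={f.get('action', '?')}",
        f"path={f.get('path', '<not reported>')}",
    ])
    missing = missing_triage_fields(text)
    if missing:
        line += f" [console lookup needed for: {', '.join(missing)}]"
    return line


if __name__ == "__main__":
    for name, body in (("SAV", SAV_ALERT), ("SEP", SEP_ALERT)):
        print(f"{name}: {summarize(body)}")
```

Run on the two samples, the SAV alert yields a complete summary, while the SEP alert is flagged as missing the path, which is exactly the field the post asks for. The same shape of parser can sit in front of a mail filter to turn whichever alert format arrives into a consistent summary for a phone.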
Is the SEP alert from a SEP client or are you forwarding the SAV10x logs to SEPM?
I agree with you and have a rant in here myself from a couple months back - the email alerts don't contain squat.
SEP gives nothing on the file name or location - and that file path tells me everything I need to know - how it got in, what sort it is, etc. I KNOW I can get that info from the SEM console and logs, but often times, I'm not there, or I'm at home, etc. and I need that info in the email. Not have to go digging for it. I could tell almost everything I needed from the email.
So my request would be:
please, Symantec, give the details about the file and path, everything, in the email itself, don't make me go digging for it. I don't have that much time ;-)
SAV did it, should be easy to tell SEP to go into verbose mode with the emails.
Personal sites -> http://theamcpages.com and http://antique-engines.com
I've already submitted this as an enhancement request (back when ShadowsPapa's old thread was still fresh). I would suggest that everyone who feels this way do likewise:
http://engweb.symantec.com/enhancement/
----
"Hurricane" Andrew
Milford, Delaware
Is the SEP alert from a SEP client or are you forwarding the SAV10x logs to SEPM?
It's from a SEP client. From the looks of the other two replies it sounds like this is just how SEP works for now and that I will need to submit an enhancement request.
That is the native SEP email alert.
The native SAV email alerts are more verbose, with much more important information.
The native SEP alerts - those with no SAV involvement at all, are pretty stripped down.
SEP is more like "hey, mister, you have a problem, better go dig into it - lotsa luck, I ain't gonna tell ya anything".
The old SAV was like "buddy, you have a problem and here is all the information you will ever need to figure it out right at your fingertips".
LOL - hint-hint ;-)
The main thing that bothers me is the alerts from SEP do not contain the File/Path that was infected.
On the start page of SEP Manager there is an "Action Summary by Detection Count"
If you click on "Newly Infected" or "Still Infected" you can from this report see the path to the infected file.
>>The main thing that bothers me is the alerts from SEP do not contain the File/Path that was infected.<<
Exactly, but I suspect someone still doesn't get my/our gripe.
We don't always have the ABILITY to get to the console! I get email alerts at HOME. I need to be able to see in the alerts. I need to be able to see the alerts on a phone, or a PDA, or whatever. Email does that for me.
The issue is that we don't have TIME to pull up that SLOW Java console, and dig and click for info. SAV used to give it to us in a single swoop - a single email. Done - we knew everything we needed, file name, file path, etc. If the console was simple, fast and easier, fine, but it's slow, and sometimes takes 10 seconds to display the next tab.
I am a troubleshooter - I diagnose - I can tell you almost anything we need to know from the file name and path. I can tell what it is, how risky it is, and how they got it from the file name and path.
Having to dig is irritating at the least, and costly in time at the worst. I want the FILE NAME AND FULL PATH in the email. I know I can get it 6 other places but don't care. I want it in the email SAV did it, SEP does not.
BUMP: Agree
I completely agree with ShadowsPapa. As said in another post, I'm a lazy admin and "you can get the info if you log into the console" is not an adequate response. If the information is housed in the 'system', then it should be reportable, and if it's reportable, it should be autonomy-enabled. Otherwise, it just serves to create more work for the admin... and if it continues to create more work for the admin...
I still think I'll have to head down the path of SQL reporting services, which is unfortunate. I feel like I have to reverse engineer the sem5 schema to get the data and reporting I want. Tsk tsk.
I just submitted an enhancement request for this. Another needed feature that Symantec seems to have taken out!
Agree
I agree with Shadowspapa as well. The alerts as they are are not very helpful. I want to be able to look at them and know what is going on. I have my alerts set up to let me know if realtime detects more than 10 within an hour across my organization. Inevitably these come in when I am on my way home and I get them on my Blackberry. Since they are likely to be in a different time zone, if I could read the report on my Blackberry and see what was going on, I could dispatch a local tech to the problem machine to investigate from my car if I needed to, and not have to hope everything was good till I got home or have to pull over and pull out a laptop and connect in.
I submitted an enhancement request on this a while back and was told that they are working on it. Hopefully one of the upcoming releases will solve the problem.
I put this into an idea.
https://www-secure.symantec.com/connect/idea/email...
Please go and agree if you think it's appropriate.
feedback received.
Bjohn,
Thank you for posting this request on the "Ideas" forum. I will check to see if the deadline has passed for adding changes of this size. If it has, I will put it on the list for the next release.
To confirm, you just need file/path of infection? You are not so worried about the side-effects? Side-effects are the additional files and registry entries that a threat will add to the system.
Regards,
JimW
Jim Waggoner
Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec
Here's what an alert from SAV reporter looked like, If the SEPM alert can look close to this, that would be great. Including file/path and action taken.
Virus found:
Alert: 77402
Virus name: Downloader
Computer: MY Computer
IP address: MY IP
File/Path: C:/Documents and Settings/username/Local Settings/Temporary Internet Files/Content.IE5/FA34ALR6/E_J[1].JS
User: bhoguedb
Alert date/time in reporting server time: 2009-06-09 16:06:43
Database insert date/time: 2009-06-09 16:14:01
Source: Auto-Protect scan
Description:
Actual action: Partially repaired
Server group: Upstate Offices
Parent server: MY SERVER
Client group: WS Upstate UPG
This alarm was generated at 2009-06-09 16:17:01 (Reporter Host Time).
This alarm was generated by Administrator, with the following filters:
Server group: *
Client group: *
Parent server: *
Computer: A15-*
Virus name: *
Source: