Endpoint Protection Small Business Edition

  • 1.  A high-risk intrusion was detected on... (but no further info available)

    Posted Aug 21, 2015 05:47 AM

    Hi,

    I am constantly receiving these e-mails from my Symantec Endpoint Protection .cloud service:

    A high-risk intrusion was detected on SERVER.domain.local within group Servers on 8/21/2015 7:47:49 AM.
    Intrusion Name
    Attack: an intrusion attempt was blocked.
    Targeted Application
    None
    Targeted IP
    10.10.3.3
    Targeted Port Number
    0
    Targeted Host Name
    Unknown
    Status
    Blocked

    But what exactly was the attacker trying to do? It would be incredibly helpful to know more about what triggered SEP in order to further harden the server(s) in question.
    The administration web site (hostedendpoint.spn.com) offers no further information.
    How do I get the information out of SEP?

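The alert body quoted above is regular enough to parse. The following is an added example (mine, not Symantec's and not the poster's): a Python parser for that e-mail layout that extracts the fields and flags alerts naming no application and port 0, so those low-information events can be counted per host and prioritised for a look in the SEP console. The second alert is a constructed variant of the one in the post.

```python
import re
from collections import Counter

# Constructed sample: the alert from the post, in its original layout.
SAMPLE_ALERT = """\
A high-risk intrusion was detected on SERVER.domain.local within group Servers on 8/21/2015 7:47:49 AM.
Intrusion Name
Attack: an intrusion attempt was blocked.
Targeted Application
None
Targeted IP
10.10.3.3
Targeted Port Number
0
Targeted Host Name
Unknown
Status
Blocked
"""
# Constructed second alert (hypothetical host, IP and port) to show aggregation.
SECOND_ALERT = (SAMPLE_ALERT.replace("SERVER.domain.local", "WEB01.domain.local")
                .replace("10.10.3.3", "10.10.3.7").replace("\n0\n", "\n445\n"))

HEADER = re.compile(r"A high-risk intrusion was detected on (?P<host>\S+) "
                    r"within group (?P<group>.+?) on (?P<when>.+?)\.$")
LABELS = ("Intrusion Name", "Targeted Application", "Targeted IP",
          "Targeted Port Number", "Targeted Host Name", "Status")

def parse_alerts(text):
    """Split a mail body into alerts (blank-line separated); one dict per alert."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        m = HEADER.match(lines[0])
        if not m:
            continue  # not an alert block we recognise
        rec = m.groupdict()
        rest = lines[1:]  # remaining lines alternate label / value
        for i in range(0, len(rest) - 1, 2):
            if rest[i] in LABELS:
                rec[rest[i]] = rest[i + 1]
        alerts.append(rec)
    return alerts

def summarize(alerts):
    """Alerts per host, plus hosts whose alerts name no application and port 0."""
    per_host = Counter(a["host"] for a in alerts)
    low_info = [a["host"] for a in alerts
                if a.get("Targeted Port Number") == "0"
                and a.get("Targeted Application") == "None"]
    return per_host, low_info
```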

  • 2.  RE: A high-risk intrusion was detected on... (but no further info available)

    Posted Aug 21, 2015 07:08 PM

    Very similar question here with a response:

    https://www-secure.symantec.com/connect/forums/ids-alerts-contain-insufficient-information-can-they-be-disabled

    See if it helps.