Incident Response Script

Created: 15 Jul 2011 | 1 comment

burtin61

I have been working on a script that will provide some baseline information once a potential threat has been identified by Symantec Endpoint Protection. Currently, when either the user or helpdesk are made aware of a potential threat on a workstation, this script must be launched manually. Does anyone know of a way to trigger a script to run once SEP has identified a potential threat on the workstation?

Discussion Filed Under:

Security, Endpoint Protection (AntiVirus) - 11.x, Endpoint Protection (AntiVirus), Emerging Threats, Security Risks, Monitoring, Reporting, Troubleshooting

Comments RSS Feed

Comments 1 Comment • Jump to latest comment

Rafeeq

Incident Response Script - Comment:15 Jul 2011 : Link

You can create a notification in the SEPM. Like notifiy when system is infected; You can also run a batch file based on this

Creating notifications in the Symantec Endpoint Protection Manager

http://www.symantec.com/business/support/index?page=content&id=TECH91622

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

Incident Response Script

Comments 1 Comment • Jump to latest comment

Would you like to reply?

Links