Endpoint Protection

 View Only

  • 1.  Intrusion Prevention Logs

    Posted Apr 16, 2010 08:18 PM

    I've enabled Intrusion Prevention policy however after several hours there is nothing in the logs; the Firewall policy is off. Is nothing logged on the clients unless there is an attack?

    Thank you!



  • 2.  RE: Intrusion Prevention Logs

    Posted Apr 16, 2010 08:57 PM
    Thank you Brian81! I'll give this a try over the weekend


  • 3.  RE: Intrusion Prevention Logs

    Posted Apr 16, 2010 09:15 PM


    Title: 'Where are Intrusion Prevention events logged on the Symantec Endpoint Protection Client and Symantec Endpoint Protection Manager?'
    Document ID: 2009081113563248
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2009081113563248?Open&seg=ent



  • 4.  RE: Intrusion Prevention Logs



  • 5.  RE: Intrusion Prevention Logs

    Posted Apr 24, 2010 07:34 PM
    I could not cause an event using the Symantec instructions. How do I know this is working?


  • 6.  RE: Intrusion Prevention Logs

    Posted Apr 25, 2010 09:05 AM

    Try a ping of death from a machine with NTP installed

    ping -l 65000 PC name or IP address


  • 7.  RE: Intrusion Prevention Logs

    Posted May 07, 2010 10:59 PM
    Hi Brian81, I should get back here more often. Thanks for the info! I tried ping and got an instant alert from SEP but nothing in the logs.


  • 8.  RE: Intrusion Prevention Logs

    Posted May 08, 2010 08:17 PM
    OK, ping-of-death worked and was stopped but nothing logged in NTP logs. Is this normal?