Endpoint Protection


More detailed notifcations?

  • 1.  More detailed notifcations?

    Posted Jun 19, 2009 10:34 AM
    Is there any setting that will allow for more detailed notifacations? Currently we have Endpoint Manager set up so that it emails us every time a risk is detected. The problem is that it is often very vague, which is  unlike past "Norton" products I've used.

    For example, in both the logs and email notification it often simply says "Trojan Horse". Well that's great and all, but what type of trojan horse is it? Another common type I find is "Downloader". Ok...that's descript.

    Is this just a limitation of Endpoint or is there a way to set it up differently?

    Thanks in advance.


  • 2.  RE: More detailed notifcations?

    Posted Jun 19, 2009 10:43 AM
    No, I think it's the name by which Symantec detects the threat, hence it's giving that e-mail notification.


  • 3.  RE: More detailed notifcations?

    Posted Jun 19, 2009 10:53 AM
    We have names for the viruses, but there are some files that are named as Trojan horse & downloader; in those situations you will receive a notification with that same name.


  • 4.  RE: More detailed notifcations?

    Posted Jun 19, 2009 11:07 AM
    Go to https://www-secure.symantec.com/connect/idea/email-virus-alerts-have-less-info-compared-sav-10 and agree with the idea.

    Although there are a ton of ideas that have been suggested since they started ideas, I haven't seen any idea even being considered by Symantec.


  • 5.  RE: More detailed notifcations?

    Posted Jun 19, 2009 11:13 AM
    Thanks for the response Saeed. If that is the case, how do we research what the threat is to see what possible damage it can do? Let's theoretically say that Symantec detects a trojan horse and is unable to successfully take care of it. I can't very well research "Trojan Horse" on the internet and get a good explanation, as there are many different types of Trojan Horses and each one does things a bit differently.

    Also, thanks for the link bjohn. That's one part of the problem, but the other part is that the logs themselves label it as "Trojan Horse". There is absolutely no way of viewing more detailed information about this particular trojan that I know of.

    I'll make sure and post in that thread.



  • 6.  RE: More detailed notifcations?

    Posted Jun 19, 2009 11:38 AM
    Just FYI...

    You need to "agree" to the idea. Look on the top right of that post.

    I know you probably won't find the exact information on the risk. When you go to Monitors > Risk and view the log, there is a link that takes you to the risk information on Symantec's site.


  • 7.  RE: More detailed notifcations?

    Posted Jun 19, 2009 11:43 AM
    I posted in that thread agreeing, as it is something I was sorely disappointed about.

    On that note, I can't believe I've misspelled, or rather mistyped, "notification" twice in this thread. Ah well.


  • 8.  RE: More detailed notifcations?

    Posted Jun 19, 2009 12:01 PM
    I am sure you might know what a Trojan is; however, let me give a little information about the same.

    A Trojan horse is a file which comes as a gift & then opens doors for other viruses to come in.

    Now the question: "how do we research what the threat is to see what possible damage it can do?" As per the technical writeup

    http://www.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99&tabid=2

    (Symantec antivirus programs use Trojan horse as a generic detection when detecting many individual but varied Trojan horse programs for which specific definitions have not been created.

    In these cases, a generic detection is used because it protects against many Trojans that share similar characteristics.

    If a malicious program does not infect other files and does not automatically distribute itself, the program is usually labeled a Trojan horse.)

    I hope this answers the above question....

    But in situations where "Symantec detects a trojan horse and is unable to successfully take care of it" .... then there could be multiple reasons why Symantec is detecting it & not taking any action on it... This will depend upon the situation....
    I would suggest you submit the file to our security response.









  • 9.  RE: More detailed notifcations?

    Posted Jun 19, 2009 11:50 PM
    Maybe what Aeonus wants is to get detailed reporting using SEPM and not knowing what a particular virus is defined... also the email alert sent by SEPM needs the link of the folder where the virus came from.


  • 10.  RE: More detailed notifcations?

    Posted Jun 24, 2009 10:48 AM
    That's pretty much what I was wondering, Nel. Symantec takes care of a trojan horse, then sends us a very nondescript email stating that a "Trojan Horse" was found and quarantined.

    I go to look on the SEPM and can then view the directory under which the trojan horse was detected, but that's it. "Trojan Horse" is very nondescript. Is there a name to this particular trojan, or is it unknown?

    We get a lot of these nondescript "Trojan Horse" detections and it would be nice to know the name of it so that we can see exactly where people are getting this from.