Endpoint Protection

I am setting up a new implementatino of SEP in my organization and was wondering if there is a way to monitor when a client's Endpoint Protectoni (or one of its components) has been turned off or disabled?  I am locking down the controls for that but also wanted to enable a monitor to alert me should someone or something get around those locks or if there is something wrong with the SEP client.

Thanks.

As i know there is nothing to configure to get alerts of disabled endpoint components and you have to monitor it day to day on SEPM.

Hi,

Reports can provide clients status. But it's not possible to set alert when something wrong with SEP client.

I have put this requirement into Idea you can check here:

https://www-secure.symantec.com/connect/ideas/alerts-disabled-endpoint-components

Hello,

I would rather suggest you to go with Computer Status Report.

Reference:

About Computer Status reports and logs

http://www.symantec.com/docs/TECH95541

About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538

To add more:

What do the different Notification Conditions for email alerts mean?

http://www.symantec.com/docs/TECH91535

Creating notifications in the Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH91622

If you have a Security Information or Event Manager like SSIM, CISCO Mars, ArcSight you can do that, you can create a incident for that.

However in SEP you can view it either from Home Page or you can add it in your daily Report/Checklist.

Having to run a report to get the information seems kind of after the fact but I suppose it's better than nothing.  Thanks everyone for your comments/suggestions.