Hi Everyone,

This might be an easy question. I can't seem to find the "New Risk Found" report in the SEPM. I've checked - Monitors>Notifications>Notification Conditions. I wanted to added a couple of new e-mail addresses to the report.

In the mean time, I created a new report - single event risk event and sent the e-mail to the required addresses. It works, but I figured I would throw this out there. Thanks for the help!

Mike

You say you want a report, but under Monitors > Notifications, you can only create notifications. Notifications are event-driven, scheduled reports are, well, scheduled.

Under Reports > Scheduled reports > Add ... , you can configure a scheduled report like this: Risk report/New Risks Detected in the Network.

Creating administrator notifications

http://www.symantec.com/business/support/index?page=content&id=HOWTO27256

How notifications work

http://www.symantec.com/business/support/index?page=content&id=HOWTO55051

Solution

1. Connect to SEPM

2. Go to "Monitors"

3. Go to "Notifications" tab

4. Click on "Notification Conditions" button at the bottom of the console

5. Click on "Add..." and select "Client Security Alert"

6. In the top of the new window, specify condition name, filtering settings (optional) and outbreak type

7. Check "Application Control Events"

8. Specify condition and damper settings

9. Check "Send email to:" and type email address to use

10. Validate

 NOTE: more details available regarding each setting by clicking on "Help" button at the bottom of the window

Thank you for information. I understand. The issue that I'm having is the "New Risk Found" notification isn't listed here - SEPM->Monitors->Notifications>Notification Conditions. But, the notification is being sent on a risk event. Is there another place I can check?

Mike

check the notification name you receiving it.

In SEP 12.1 the notification "Risk outbreak" is enabled by default. Perhaps that's the reason for your notification.

Or take a look at Monitors > Notifications, change an appropriate time range, click View Notifications, search for the "New Risk Found" (or soemthing like this) notification and click on the report symbol.

In my SEPM there is a Notification named "New Risk" in the Notification Conditions.  Its Actions are specified to email *another* SEPM administrator and to Log.  When I look at the Notification list going back 24 hours or one week, it lists only those notifications that this other SEPM admin created - there are none showing as created by me or for me.

I even edited his notification and checked to see whether email to system admin was checked or not.  I found nothing other than his email address and the log.

So there must be another explanation as to why I am receiving these "New Risk Found" emails.  They appear to be in the formatted SEPM report style.  I checked Reports and found no report called "New Risk Found."

I am dumbfounded and a little steamed...

Rich