risk detection and notification
Dear Symantec support,
May I have your assistance to confirm the questions below?
In our SEPM server, we created "Notification Single risk event" and "Risk Outbreak" with criteria "1 computers with virus definitions older than 7 days", and the notification will be sent to administrators.
Case 1: In auto protection policy, risk detection action: 1st Cleaned, 2nd Leave Alone (Log only)
1). --> When a (single or above) threat/risk is cleaned, absolutely that notification will be triggered and we can receive the notification email, right?
2). --> When a (single or above) threat/risk is unable to be cleaned, we will receive the notification email AND the infected file is still there?
According to your KB, if it's a Trojan, it would be deleted cuz cleaned by deletion. But how about other suspected risks?
***We want to know all possible cases in which a suspected risk file will be "cleaned by deletion" if Symantec cannot "Clean" it. Our concern is, if the affected file or suspected file is a system file, we don't want it to be "cleaned by deletion".
Case 2: If risk detection action is: 1st Leave Alone (Log only)
When a (single or above) threat/risk is found, we will receive the notification email and the infected file is still there?