Endpoint Protection

 View Only

  • 1.  risk report details for a specific computer

    Posted Jun 08, 2012 07:48 AM

    I can generate reports that display the name of the risk/virus detected and the computer name, but what I need is the path and filename that was infected.



  • 2.  RE: risk report details for a specific computer

    Trusted Advisor
    Posted Jun 08, 2012 07:56 AM

    Hello,

    You would have to Export the Risk Logs.

    Here are the steps:

    SEPM > Reports > Change the Log Type: "Risk " > Select the Time range > Click on Advance Settings and Select the right options > Click " View Log " > Click on "Export"

    About log types

    http://www.symantec.com/docs/HOWTO27271

    The Risk log contains information about risk events. Available information includes the event time, event actual action, user name, computer/domain, risk name/source, count, and file/path.

    Secondly, You can take the following actions from this log:

    • Add Risk to Centralized Exceptions Policy

    • Add File to Centralized Exceptions Policy

    • Add Folder to Centralized Exceptions Policy

    • Add Extension to Centralized Exceptions Policy

    • Delete from Quarantine

     

    Hope that helps!!



  • 3.  RE: risk report details for a specific computer

    Posted Jun 08, 2012 08:10 AM

    Try this report once.

    Monitor-->logs-->risk. You can export it as a .csv file and read using excel.



  • 4.  RE: risk report details for a specific computer

    Posted Jun 08, 2012 01:53 PM

    Hello Anand_N,

    1. Login to the SEPM
    2. Click Monitors
    3. Click Logs
    4. Set Log type to Risk
    5. Click View Log
    6. Select the risk event you are interested in and click Details
    7. The path to the file will be listed next to "File or path:"

    Regards,

    James