Hi guys,
Since I'll be getting involved in the maintenance of a SEP 11.0 implementation, I've just been handed a weekly report "Comprehensive Risk report" which contains a lot of statistics. I've got various questions regarding the content in order to understand what's happening, but the manuals I've downloaded don't give many answers...
In the "Risk Distribution by Risk Name" section, I see thousands of W32.Downadup.B and W32.Downadup (Conficker) reported. They are in the order of 99% of all risks found. Various fileservers report hundreds of attempts and various clients also, in the "Risk Distribution by Computer" section.
I see that 98 percent of these were generated by the AutoProtect scan and 1% by the scheduled scans in the "Risk Distribution by Event Source" section.
And finally (I purposely skipped other sections), in the Detection Action Summary, I see that:
- 500 were cleaned
- thousands were blocked
- 500 were quarantined
- 20 were deleted
- 500 were manually repaired
- 600 were newly infected
and many thousands are Still Infected!
My interpretation of the data was that many attempts were being made to infect the systems, but that they were all blocked, one way or another, by SEP. The last two lines though seem to indicate I have a big problem. Is that so? How is the Still Infected total calculated? Is there any source (manual, whitepaper, etc.) that can explain (to a newbie) what the data reported means on a field-per-field basis?
I know that my questions are probably very simple, but I haven't found anything really useful and I'm afraid that we've got a major problem.
Thanks for your help, Joe