Endpoint Protection

 View Only

  • 1.  SEP Reports

    Posted Dec 22, 2015 11:22 AM

    I want to set up daily reports to send to our desktop support team so that they can handle viruses/spyware, etc.  I know how to do that, but I want to make sure that I'm following best practices and sending them the most useful reports that I can.

    I know that for some types of security issues, SEP can clean or quarantine it on its own.  I'd like to create a report just for the other items....that require user intervention...and send that to my desktop support team on a daily basis.

    For an issue that gets missed, I'd like it to continue to show up on the daily report until it's fixed.  For example, if there is a problem that gets detected on a Monday, and it is not fixed, I would like it to be listed in Tuesday's report.



  • 2.  RE: SEP Reports

    Posted Dec 22, 2015 11:25 AM

    It would be under Monitors. You can pick the Single Risk Event alert and but instead set it to only alert on items that had instances of repair failing or virus not being cleaned , quarantine failed etc.

    It's similar to how you would setup alerts now except you would specifically pick these triggers instead.

    Monitors page >> Notificatons tab >> Notification Conditions

    Pick the Single Risk Event

    Under Action Taken is where you can specific actions that you want the alarm to fire on.



  • 3.  RE: SEP Reports

    Broadcom Employee
    Posted Dec 22, 2015 02:21 PM

    Hi,

    Manual intervention is required against infected and at risk computers. The Risk log and reports include information about risk events on your management servers and their clients.

    Pull out Risk reports by selecting following report type. Specify the custom time range if necessary or keep default. You may have to specify custom time range because by deault it selects last 24 hours time range.

    Log and report types Typical uses
    Infected and At Risk Computers Use this report to quickly identify the computers that need your attention because they are infected with a virus or a security risk.

    Refer the following article:

    About Risk reports and logs

    http://www.symantec.com/docs/TECH95543



  • 4.  RE: SEP Reports

    Posted Dec 31, 2015 10:03 AM

    Thanks.  So running a daily Risk Report of all "Infected and At Risk Computers" would show us everything that requires manual intervention, correct?  I assume it would not show anything where SEP was able to clean/quarantine or somehow automatically fix it.

     

    If a threat were detected on a machine and it showed up in the daily report, I assume it would show up each day until it was fixed, correct?  Then when someone takes the proper manual steps, it should no longer appear the report.

     

    Are all of my assumptions correct?  I want to make sure that I'm not missing something.



  • 5.  RE: SEP Reports

    Posted Dec 31, 2015 10:06 AM

    Thanks.  So running a daily Risk Report of all "Infected and At Risk Computers" would show us everything that requires manual intervention, correct?  I assume it would not show anything where SEP was able to clean/quarantine or somehow automatically fix it.

    Yes.

     

    If a threat were detected on a machine and it showed up in the daily report, I assume it would show up each day until it was fixed, correct?  Then when someone takes the proper manual steps, it should no longer appear the report.

    Yes, this should also be the case.