Endpoint Protection

  • 1.  SEP reports malicious toolkit variant

    Posted May 13, 2009 12:41 PM
    I'm getting a popup from the SEP system tray icon when I visit the backend of my company website. It reports a malicious toolkit variant and then blocks access to the site.
    When I look through the logs for more details I can't find any trace of this message. Can anyone tell me where this information is stored?



  • 2.  RE: SEP reports malicious toolkit variant

    Posted May 13, 2009 12:50 PM
    You'll want to open your SEP client, click "View Logs". Then click on the Anti Virus / Antispyware "View Logs", then "Risk Logs". You may also want to look in the "Threat Logs" under the Proactive Threat Protection section.


  • 3.  RE: SEP reports malicious toolkit variant

    Posted May 13, 2009 12:59 PM
    If it's blocking access to the site, it is being triggered by the IPS component's "Active Response". There are a few options.

    1)  Your site really is compromised, clean it. :)
    2)  It's a false positive, identify the source, then go into your IPS policy and set the signature for that detection to do nothing.
            In the IPS policy, go to exceptions add that sig, tell it to allow (optionally log)
    3)  Turn off "active response" so it no longer blocks the site (still have to live with the popups and site might still be compromised)
    4)  Turn off IPS completely, because all the above are way too much work, I don't care if I'm compromised or not and I'm lazy :)

    EDIT: 2a)  Add an exclusion for that IP to the IPS policy, probably a slightly more secure way than ignoring that sig altogether.