Endpoint Protection

 View Only

  • 1.  SEP top of source attacks report

    Posted Sep 16, 2009 02:48 AM
    dears,
    i have a question,
    i created a report that generates the top sources of attacks, however i got some sources asa top sources attacks but they didnot appear in the infected computers , why ?

    how can i deal with these sources (PC's) to eliminate such things in future .


    regards


  • 2.  RE: SEP top of source attacks report

    Posted Sep 16, 2009 03:09 AM
    Can you give more details about type of attack. 


  • 3.  RE: SEP top of source attacks report

    Posted Sep 16, 2009 03:14 AM
    Just because those computers are shown as Top Sources of attack does not mean that they are infected right now.

    Its possible that the infection was taken care of automatically. You can enable risk tracing on the clients to have more enhanced information from the clients.

    Best,
    Aniket


  • 4.  RE: SEP top of source attacks report

    Posted Sep 16, 2009 03:30 AM
    The above reports is for Network threat protection, which is a firewall kind of thing.

    when network threat attacks happen they always have a source from where they are comming.

    may be a network traffic you can imagine..

    top sources of attack [Used for tracing Network Attacks]

    It can have information about the MAC spoofing attempts. Reverse DNS Lookups, TCP Resequencing attacks , these are listed under your top network attacks.

     



  • 5.  RE: SEP top of source attacks report
    Best Answer

    Posted Sep 16, 2009 03:38 AM
    Hi this should give you a good report.

    About Network Threat Protection reports and logs

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009081410460448