Endpoint Protection

 View Only

  • 1.  SEPM - alert if service on clients hangs

    Posted Apr 21, 2016 05:48 AM

    Hi there fellow security guys :-)

    i just had a client (W7 enterprise, SEP 12.1.6608.6300), where SEP was installed but the service was not started. Is there chance to configure an alert/a notification for that kind of status.

    e.g.: if a client is reachable (ping), has a client/server OS but has no SEP installed (or is out of date) the send a mail to the admin.

    any tipp would be appreciated.

    cheers from austria

     



  • 2.  RE: SEPM - alert if service on clients hangs

    Trusted Advisor
    Posted Apr 21, 2016 06:41 AM

    Have a look at Monitors -> Logs -> and click on the Compliance Options under Computer Status for the Log type.

    It's a little bit limited, but with testing, you should be able to set up an alert based on it.



  • 3.  RE: SEPM - alert if service on clients hangs
    Best Answer

    Posted Apr 21, 2016 07:42 AM

    You would need to use an unmanaged detector to find clients without SEP and setup alerts based off this:

    How to enable the Unmanaged Detector in Symantec Endpoint Protection Manager (SEPM)

    Configuring a client to detect unmanaged devices



  • 4.  RE: SEPM - alert if service on clients hangs

    Posted Apr 22, 2016 02:42 AM

    thx. the unmanaged detector was that kind of component that i obviously overlooked.

    cheers



  • 5.  RE: SEPM - alert if service on clients hangs

    Posted Apr 22, 2016 04:27 AM

    does unmanaged detector also report client if the services is not started ?



  • 6.  RE: SEPM - alert if service on clients hangs

    Posted Apr 22, 2016 06:53 AM

    i don't think so. but with the unmanaged detector on the one hand an the Virus Definition Distribution on the other hand i think one can narrow the number of potential damaged clients down.