Endpoint Protection

  • 1.  SEPM Comprehensive Risk Report

    Posted May 07, 2014 02:23 AM

    Hi all,

    I would like to enquire if the detection counts for the "action distribution against risks" could be reset or lowered, as the count has been increasing over time and it currently highlights quite a significant number of detections.

    If possible, I would like to know if there is any documentation or manual that I could refer to in order to understand how these detection counts were obtained, so that a better analysis could be carried out to understand the current security status.

    Any help provided would be deeply appreciated.



  • 2.  RE: SEPM Comprehensive Risk Report

    Posted May 07, 2014 08:13 AM

    This would happen automatically via the SEPM. I can't find much in the way of documentation specific to this particular category though. You may want to take a more granular approach and run the Risks log (Monitors >> Logs >> Risk Logs) to see what exactly is going on. You can export to CSV and drop into Excel and filter on the Event/Action category.



  • 3.  RE: SEPM Comprehensive Risk Report

    Posted May 07, 2014 10:41 AM

    Hi Raydon,

    Thanks for the post. Can you supply an example of what you're seeing / looking to get reset?

    Thanks in advance!

    Mick



  • 4.  RE: SEPM Comprehensive Risk Report

    Posted May 08, 2014 09:58 PM

    Brian:

    Thanks Brian, that's a better approach to investigating the individual risks that may still be residing on the network. However, I would like to understand more about how these numbers come about for each category, such as the repaired, pending repair, failed to repair, and still infected file counts within the action distribution report. For example, do risks that are "left alone" contribute to the detection count for "failed to repair"?

    Mick:

    Attached is the report that I am currently looking into:

    Action Distribution (Distribution of Actions Taken against Risk) -send_0.jpg

     



  • 5.  RE: SEPM Comprehensive Risk Report

    Posted May 08, 2014 10:18 PM

    They would be separate from one another.

    For example, failed to repair means SEP simply couldn't remediate the issue for one reason or another. I would recommend attempting to remove in safe mode or some sort of manual removal.

    Left Alone is one of the settings you can configure as an action. Check to make sure this isn't one you have set.



  • 6.  RE: SEPM Comprehensive Risk Report

    Posted May 08, 2014 11:19 PM

    But I would like to know if the detection counts for failed to repair are going to decrease over time when new virus definition files are released or when these risks are effectively removed from the computer via booting into safe mode?

    Secondly, I would like to know if these detection counts could be reset every week to provide a more accurate report of the number of files that failed to repair over a specific period (a week).



  • 7.  RE: SEPM Comprehensive Risk Report

    Posted May 09, 2014 08:22 AM

    It would decrease if newer definitions can eventually fix the problem. But again, this is one category you want to look at closely as manual intervention may be needed to remove.

    They cannot be reset. This would all be taken care of automatically by the SEPM.
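
The thread suggests exporting the Risk log to CSV and filtering on the action, and asks for per-week figures that the SEPM report itself cannot be reset to give. The following is an added example, not part of any post above and not Symantec code, that tallies an exported CSV by ISO week and action. The column names, timestamp format, action labels and sample rows are assumptions constructed for illustration; adjust them to the headers in your own export.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Assumed export headers and timestamp format (not taken from SEPM documentation).
TIME_COL, HOST_COL, ACTION_COL = "Event Time", "Computer Name", "Action Taken"
TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows, including one malformed timestamp.
SAMPLE = """\
Event Time,Computer Name,Risk Name,Action Taken
2014-04-28 09:12:44,PC-01,Sample.Risk.A,Repaired
2014-04-30 14:03:10,PC-02,Sample.Risk.B,Left alone
2014-05-02 08:45:00,PC-02,Sample.Risk.B,Left alone
2014-05-05 10:00:01,PC-03,Sample.Risk.C,Failed to repair
2014-05-06 11:30:20,PC-03,Sample.Risk.C,Failed to repair
2014-05-07 16:20:00,PC-01,Sample.Risk.A,Repaired
not-a-date,PC-04,Sample.Risk.D,Repaired
"""

def _events(csv_text):
    """Yield ((iso_year, iso_week), host, action) for each usable row."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        action = (row.get(ACTION_COL) or "").strip()
        host = (row.get(HOST_COL) or "").strip()
        try:
            ts = datetime.strptime((row.get(TIME_COL) or "").strip(), TIME_FMT)
        except ValueError:
            continue  # skip rows whose timestamp does not parse
        if action:
            iso = ts.isocalendar()
            yield (iso[0], iso[1]), host, action

def weekly_action_counts(csv_text):
    """Detection events per action, grouped by ISO week."""
    weeks = defaultdict(Counter)
    for week, _host, action in _events(csv_text):
        weeks[week][action] += 1
    return dict(weeks)

def hosts_with_action(csv_text, action, week):
    """Distinct computers that logged the given action in the given week."""
    wanted = action.casefold()
    return sorted({h for w, h, a in _events(csv_text)
                   if w == week and a.casefold() == wanted})

if __name__ == "__main__":
    for week, counts in sorted(weekly_action_counts(SAMPLE).items()):
        print(week, dict(counts))
    print(hosts_with_action(SAMPLE, "failed to repair", (2014, 19)))
```

Comparing the event count with the distinct-host list shows when a large "failed to repair" figure comes from repeated detections on a few machines that need manual removal.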