
Symantec Antivirus Endpoint 11 - How to block specific alerts

Updated: 22 May 2010 | 2 comments
Boatcephus

Is there a way to tell our AV clients not to flash an alert for a specific event? For instance, we have a daily Nessus scan that runs in the afternoon. We get unnecessary Help Desk calls from people spooked when they see the scan alert. I don't want to totally disable all alerts. I'd just like the client AV not to falsely worry the natives.

Thanks!

Comments

Kedar Mohile, 03 Nov 2009
Nessus scan and IPS

Nessus scan would usually get detected and notified by the IPS component in SEP.

If you do not wish the user to be alerted by the same for some reason you can follow the steps below:

  1. Login to SEPM
  2. Go to Monitors > Logs > NTP Logs > Attacks
  3. You should find the alerted event with a Unique SID, make a note of the SID
  4. Now click on the Policies tab in the SEPM > click on IPS policies and then click on Edit on the IPS signature which is applied to the SEP clients affected
  5. Click on the Exceptions tab, click Add and add the same SID which gets detected at the time when a Nessus scan is run
  6. You choose both the ACTION to perform and LOG for the relative SID

Hope this helps. Thanks :-)

Bryon, 03 Nov 2009