
Symantec Endpoint Manager Reporting

Created: 09 Aug 2012 | 9 comments

Hi All

Out of interest, how do other Symantec Endpoint users keep an eye on your clients and monitor them for out of date definitions?
I have to create a new process for our helpdesk to create daily or weekly reports on clients with old defs.

When you log into the EndPoint manager you can see a quick summary (Up-to-date, Out-of-date, offline, disabled). Can anyone tell me what the EndPoint manager classes as "out-of-date" under "EndPoint Status"? I.e. is it machines with definitions older than 10 days and that have contacted the manager within x days? (I've attached a picture.)

How else do others do it, use the built in reporting for daily reports?

Any advice, recommendations and info on how you do it would be really good.

Thanks!

 


Alex_CST's picture

I guess it depends on how much you value the up-to-date definitions.  Are your end users high risk?  What other factors do you have to mitigate infections?  What would be the damage to your business if there's an outbreak?  These are all questions you should ask yourself in order to determine the criterion of "out-of-date"

Personally I would say 7-10 days for computers connected to the network, and maybe up to 30 for external users (laptops etc.), so create 2 reports - weekly probably for your helpdesk to look at, and action if necessary - be it purging old machines or investigating why they aren't updating.

Remember it'll say they're out of date even if they're switched off, so also when they go on vacation or long-term leave, so it will be a balancing act between proactively seeking machines that are having issues updating, and simply machines that are off due to their users being on holiday.

 

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

DannyUK's picture

Hi weevil, thanks for your response

Firstly can I just mention that when looking at any reports within the Endpoint Manager there is a "Time Range" drop down which allows you to exclude machines which have not checked into the manager within this time scale. Like you mentioned: users on holiday. I don't want to pick up their machine in my report and waste time trying to contact them (because they are on holiday), so when running reports we will set the Time Range drop down to 'past week' so that the report produced will only show machines with old definitions that have checked in within the last week.

If a machine has old definitions but is remote or is no longer in use, we don't care about them as long as they stay off of our network. We only care about them if they are connected to our network and reporting into the manager.

In answer to your first questions - we want to run weekly reports to pick up on machines which are connected to the network only and are not getting updates - so are potentially broken. We are not necessarily in a high risk environment however we need to ensure we are monitoring the environment and have a process to pick up on clients which are not updating for whatever reason. We are regularly audited on our antivirus procedures and I need to provide evidence that we monitor security and take action when needed.  

 

Regards
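The triage rule discussed in the posts above (definitions older than a threshold, but only for machines that checked in within the past week), as an added example that is not part of the original thread and not Symantec code. The CSV column names, hostnames and dates are constructed for illustration and are not a real SEPM export format; the 7-day and 30-day thresholds are the ones suggested in the thread.

```python
import csv
import io
from datetime import date, datetime, timedelta

# Constructed sample export; the column names are hypothetical, not SEPM's own.
SAMPLE_EXPORT = """hostname,location,definition_date,last_checkin
WS-001,internal,2012-08-08,2012-08-09
WS-002,internal,2012-07-25,2012-08-08
LT-010,external,2012-07-20,2012-08-07
LT-011,external,2012-06-30,2012-08-09
WS-003,internal,2012-07-01,2012-07-15
"""

# Thresholds taken from the thread: about a week for networked machines,
# up to 30 days for external laptops, and a "past week" check-in window.
MAX_DEF_AGE = {"internal": timedelta(days=7), "external": timedelta(days=30)}
CHECKIN_WINDOW = timedelta(days=7)


def _day(text):
    """Parse a YYYY-MM-DD string into a date."""
    return datetime.strptime(text, "%Y-%m-%d").date()


def triage(export_text, today):
    """Return {hostname: status} for every row of the export."""
    result = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        def_age = today - _day(row["definition_date"])
        since_checkin = today - _day(row["last_checkin"])
        # Unknown locations fall back to the stricter internal limit.
        limit = MAX_DEF_AGE.get(row["location"], MAX_DEF_AGE["internal"])
        if def_age <= limit:
            status = "up-to-date"
        elif since_checkin <= CHECKIN_WINDOW:
            status = "investigate"   # on the network but not updating
        else:
            status = "offline"       # stale, but not reporting in
        result[row["hostname"]] = status
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_EXPORT, date(2012, 8, 9)).items():
        print(f"{host:8} {status}")
```

Only the "investigate" rows need helpdesk action; "offline" rows match the machines the weekly report deliberately leaves out.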

Ashish-Sharma's picture

You can give Limited Administrator Rights in user ID.

we can be able to only view reports rights.

 

Thanks In Advance

Ashish Sharma

 

 

DannyUK's picture

Hi Ashish - sorry not sure what your post is telling me

.Brian's picture

I have a notification sent to me every day to alert on computers that are out of date after 7 days.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

DannyUK's picture

Hi Brian

Can you confirm how you've set that up for me please? Are you using Monitors > Notifications and then what are the conditions you've set?

Thanks

.Brian's picture

Monitors > Notifications > Notification Conditions

Add the notification "Virus definitions out-of-date"

And here's how it's set up for workstations:


DannyUK's picture

Thank you Brian I will give this a try and see what results I get.

Ashish-Sharma's picture

Hi,

Check this article.

Daily reporting should consist of AV definition, number of clients, servers, gups, outdated virus defs count, SEPM health check, backup etc.

https://www-secure.symantec.com/connect/articles/sep-daily-management-reporting-template

 

And you can set mail notification of virus definition etc.

Thanks In Advance

Ashish Sharma