Video Screencast Help
Search Video Help Close Back
to help
Not able to make it to Vision this year? Get a sampling in the Best of Vision on Demand group.

Top source of attacks shows Zero

Updated: 03 Sep 2010 | 13 comments
Farzad's picture
Farzad
Certified
0 0 Votes
Login to vote
This issue has been solved. See solution.

The console shows that we have some attacks in our network ( and I am sure we have some), however the report shows the number of attacks zero.
What can be the issue?

We have
Almost 2000 Clients
3 SEPM server
DB is SQL 2005

We have recently upgraded to MR6 and we didn't have the issue before the upgrade.

Discussion Filed Under:
, , , , ,
Group Ownership:
Melbourne Endpoint Management User Group, Sydney Endpoint Management User Group

Comments

Rafeeq's picture
26
Jul
2010
1 Vote +1
Login to vote
Rafeeq

hi

i think you should create a report for attacks than top source of attacks

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

Farzad's picture
26
Jul
2010
0 Votes 0
Login to vote
Farzad
Certified

Maybe this report clarifies more
 

AttachmentSize
Report1.pdf 131.89 KB

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

Farzad's picture
26
Jul
2010
0 Votes 0
Login to vote
Farzad
Certified

Rafeeq
would you plz explan more. What should I exactly do?

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

Farzad's picture
26
Jul
2010
0 Votes 0
Login to vote
Farzad
Certified

any hint?

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

AravindKM's picture
26
Jul
2010
0 Votes 0
Login to vote
AravindKM

Restart SEPM service once and try to create reports again....

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Farzad's picture
02
Aug
2010
0 Votes 0
Login to vote
Farzad
Certified

I restarted the SEPM services, but didn't work.
Another point is that the Attacks graph in the Home section disapears and shows a cross something like can't open picture.

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

AravindKM's picture
02
Aug
2010
0 Votes 0
Login to vote
AravindKM

Enter subject (optional)

Can you provide us a screen shot...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Farzad's picture
02
Aug
2010
0 Votes 0
Login to vote
Farzad
Certified

The screen shot

Attack Null.jpg

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

Farzad's picture
02
Aug
2010
0 Votes 0
Login to vote
Farzad
Certified

Surprise!!!
Eventually the graph comes up with no issue! But it disappears sometimes!
Come on! That is crazy!
Alright, let me summarize:
 

  1. The Top source of attack report shows ZERO, although the graph shows we have intrusions
  2. The Attack graph disappears and shows error
  3. The Attack graph is shown without any issue eventually and disappears every now and then

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

AravindKM's picture
02
Aug
2010
0 Votes 0
Login to vote
AravindKM

Do you tried by removing IE enhanced security?

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

kavin's picture
02
Aug
2010
0 Votes 0
Login to vote
kavin

Are you remotely accessing the SEPM???
Check the screen resoltuion it should be 32 bit. for clour quality.

AravindKM's picture
02
Aug
2010
0 Votes 0
Login to vote
AravindKM

Try this also
KB 935560

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Farzad's picture
02
Aug
2010
0 Votes 0
Login to vote
Farzad
Certified

The reason that the Top Source of Attacks was ziro:
the IPS policy has a tick indicating whether the policy should be enabled or not. It was not checked!

Symantec Certified Specialist  \  MCSE +Security  \  CCNSP

SOLUTION

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
270,003