Endpoint Protection

  • 1.  Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 20, 2009 07:55 PM
    Just using a hypothetical example here: let's say the "blacksky virus" comes out and it is new code. If it starts to infect my network and it hits over 100+ machines, what I want to know is how to trace where it originally came from. I would like to be able to trace the point of origination. How can this be done? Is this possible? What I am asking for is the ability to isolate the point of entry for threats.

    Thank you.


  • 2.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 12:22 AM
    Yes, this can be possible.

    Enable NTP.
    In the Antivirus and Antispyware policy, select File System Auto-Protect. On the Advanced tab, click Risk Tracer. Here, select Enable Risk Tracer and select Resolve the source computer IP address.

    This will trace the IP address of the source. Then you can see the logs in "Monitor"; select "Risk" as the log type.
    Choose Advanced, select the settings as per your needs, and analyze the logs to find the source.


  • 3.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 01:03 AM
    When NTP and PTP are installed along with AV and AVS, we have extra logging. We have the:

    1. Packet Log
    2. System Log
    3. Traffic Log
    4. Threat Log

    The combination of all these will help us to find the origin.

    The Threat Log (PTP) has the information:

    risk.jpg


  • 4.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 01:04 AM

    Title: 'What is Risk Tracer?'
    Document ID: 2007092711352448
    Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2007092711352448?Open&seg=ent


  • 5.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 08:09 AM
    I can see how it is done on the client, but I would like a central location on the server to tell me.

    Thank you.


  • 6.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 10:06 AM
    You will see this information in the SEPM > Monitor Tab.


  • 7.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 10:15 AM
    But there is a considerable number of options. What I want to do is run what was a "risk history" in SAV on SEP.


  • 8.  RE: Using SEP, is it possible to trace a brand new virus to its point of origination?

    Posted Sep 21, 2009 10:33 AM
    This link shows how to set that in SEPM.

    What is Risk Tracer?
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007092711352448
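
Added example (not part of the original thread and not Symantec code): once Risk Tracer is recording the source computer IP address, risk log rows collected centrally can be walked backwards from each infected host to the first machine that has no recorded source. The column names and sample rows below are constructed for illustration and are not a real SEPM export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample: column names and rows are assumptions, not a real SEPM export.
SAMPLE = """time,computer,ip,risk,source_ip
2009-09-18 09:02:11,WS-014,10.0.1.14,blacksky,
2009-09-18 09:20:45,FS-01,10.0.2.5,blacksky,10.0.1.14
2009-09-18 09:41:03,WS-022,10.0.1.22,blacksky,10.0.2.5
2009-09-18 09:47:30,WS-031,10.0.1.31,blacksky,10.0.2.5
2009-09-18 10:05:12,WS-022,10.0.1.22,blacksky,10.0.1.31
2009-09-18 10:15:00,WS-040,10.0.1.40,othertest,10.0.1.22
"""

def first_detections(text, risk):
    """Map each infected IP to its earliest logged event for the given risk."""
    first = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["risk"] != risk:
            continue
        row["time"] = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        if row["ip"] not in first or row["time"] < first[row["ip"]]["time"]:
            first[row["ip"]] = row
    return first

def trace_back(first, ip):
    """Follow recorded source IPs from one host back toward the entry point."""
    chain, seen = [ip], {ip}
    while ip in first and first[ip]["source_ip"] and first[ip]["source_ip"] not in seen:
        ip = first[ip]["source_ip"]  # step to the machine that infected this one
        chain.append(ip)
        seen.add(ip)                 # guards against loops from reinfection
    return chain

def likely_origins(text, risk):
    """Return the roots of all chains: hosts with no recorded source, or
    source IPs that never appear as an infected host in the log."""
    first = first_detections(text, risk)
    return sorted({trace_back(first, ip)[-1] for ip in first})

if __name__ == "__main__":
    hosts = first_detections(SAMPLE, "blacksky")
    for ip in hosts:
        print(" <- ".join(trace_back(hosts, ip)))
    print("likely point of entry:", likely_origins(SAMPLE, "blacksky"))
```

A root that never appears as an infected host in the log (as with the `othertest` row) means the source machine has no detection of its own on record, so it is the next one to inspect.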