
What is a "new risk?"

Created: 20 Sep 2012 • Updated: 21 Sep 2012 | 5 comments

What is the difference between a "new risk" and a "single risk event?"


rmoc's picture

We did a test virus yesterday and got flooded with emails.

We deleted the "single risk event" notifications.  Apparently that's an unsolved SEP issue.

We still have "new risk" notifications set up.  What does "new risk" mean exactly? 

We ran another test today.  Same test virus.  We don't get any notification though -- This is because that virus has already been seen on that machine, right?   Seen and deleted yesterday.  Ditto for today, but no notification since it had been seen before.

 

Ah... Never mind.... The email just came in. It took a full ten minutes.

rmoc's picture

That's our solution to the notification flood problem -- delete the "single risk event" notification which floods.  Just have "new risk" notifications.

 

We're still wondering exactly how Symantec defines those though if anyone knows.

Ashish-Sharma's picture

Hi, check this thread

http://www.symantec.com/connect/forums/whats-difference

Check the Symantec employee comments

Idimple Symantec Employee

"Single Risk Event" will notify you each time a threat is detected. "New Risk Detected" refers to a risk new to the network.

Single Risk: The detection of a single risk event triggers this notification. The notification lists a number of details about the risk, which includes the user and computer involved, and the action that Symantec Endpoint Protection took.

New Risks: These are calculated from the last database sweep and for the time period that is configured on the Home and Monitors tab of Preferences.

For example, suppose your Preferences time range is set to the past 24 hours. And suppose that your database is set to sweep every week on Sunday night and delete the risks that are more than three days old. If a particular virus infects a computer in your network on Monday, that is reported as a new risk. If another computer is infected with the same virus on Wednesday, that is not reflected in this count. If this same virus infects a computer in your network on the following Monday, it is reported here as newly infected. It is reported as new because it occurred during the last 24 hours and Sunday the database was swept of entries older than three days. The previous risk detections occurred more than three days ago, so they were deleted from the database.

You can go to the following links for more information.

http://www.symantec.com/connect/forums/whats-difference

http://www.symantec.com/connect/forums/email-notifications-8

 

Thanks In Advance

Ashish Sharma
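The sweep example quoted in the post above, worked through as an added Python sketch (not Symantec's code and not part of the original thread). It assumes a detection counts as a new risk when no retained database row has the same risk name; the dates, computer names and `TestVirus` are constructed.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=3)      # sweep deletes risk entries older than three days
SWEEP_WEEKDAY, SWEEP_HOUR = 6, 23  # Sunday night (Monday == 0); hour is an assumption

def sweeps_between(start, end):
    """Yield each Sunday-night sweep time in the interval (start, end]."""
    t = start.replace(hour=SWEEP_HOUR, minute=0, second=0, microsecond=0)
    t += timedelta(days=(SWEEP_WEEKDAY - t.weekday()) % 7)
    if t <= start:
        t += timedelta(days=7)
    while t <= end:
        yield t
        t += timedelta(days=7)

def classify(detections):
    """Label each (time, computer, risk) detection as new (True) or known (False)."""
    db = []          # retained detection rows: (time, risk)
    results = []
    clock = None
    for when, computer, risk in sorted(detections):
        if clock is not None:
            # Apply every sweep that ran since the previous detection.
            for sweep in sweeps_between(clock, when):
                db = [(t, r) for t, r in db if sweep - t <= RETENTION]
        is_new = all(r != risk for _, r in db)
        results.append((when, computer, risk, is_new))
        db.append((when, risk))
        clock = when
    return results

def new_risks_in_range(results, now, time_range=timedelta(hours=24)):
    """New risks that fall inside the Preferences time range ending at `now`."""
    return [r for r in results if r[3] and now - time_range <= r[0] <= now]

# Constructed timeline: Monday, Wednesday, then the following Monday.
DETECTIONS = [
    (datetime(2012, 9, 17, 10, 0), "PC-A", "TestVirus"),
    (datetime(2012, 9, 19, 10, 0), "PC-B", "TestVirus"),
    (datetime(2012, 9, 24, 10, 0), "PC-C", "TestVirus"),
]

if __name__ == "__main__":
    for when, computer, risk, is_new in classify(DETECTIONS):
        print(when.strftime("%a %d %b"), computer, risk, "NEW" if is_new else "known")
```

Under this model, a detection of the same risk that is less than three days old at sweep time survives the sweep, so the following Monday's detection would no longer count as new.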

 

 

Mohan Babu's picture

Nice one

Mohan Babu
