Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Where are the severity rating for Viruses/etc in SEPM?

Created: 07 Aug 2013 | 4 comments

Hello,

   Currently running v12.1.2 (RU2), and have a PC that's gotten an infection that SEPM indicates it cleaned by deletion.  This is not the issue.

   What we want to know is how to look up the severity rating for that infection, as we are committed to respond in different ways - depending on the severity.

   It doesn't show up in the "Single Risk Event" email that the SEP Mgr sent us, and I can't find anything in the SEP console that tells me this.It also isn't indicating the level in any reports that can be located that indicate an infection occured.

  It would be really great if this was on the Symantec site so that I could just go look it up.

  Is there such a thing?

Operating Systems:

Comments 4 CommentsJump to latest comment

.Brian's picture

If you go to Monitors >> Logs and run the Risks Report, you can select and entry and click Details.

There is a section called Risk information which shows a Risk Severity and gives a number

You can than search it on the ThreatExplorer

http://www.symantec.com/security_response/

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Kevin Murphy's picture

Excellent!

Is there anything that I can check out that says what Severity number means?

Thanks,

Kevin Murphy

LAN Admin III

.Brian's picture

I don't believe there is a formal scale. 1-10 with 1 being low, 5 being medium, 10 being high.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Thank you for posting in Symantec community.

I would be glad to answer your query.

You can construct custom filters by using the Basic Settings and Advanced Settings to change the information that you want to see. You can save your filter settings to the database so that you can generate the same view again in the future. When you save your settings, they are saved in the database. The name you give to the filter appears in the Use a saved filter list box for that type of logs and reports.

Saving and deleting filters

http://www.symantec.com/docs/HOWTO27267

Also, check these articles.

About the different types of Symantec Endpoint Protection Manager Reports

http://www.symantec.com/docs/TECH95538

About Computer Status reports and logs

http://www.symantec.com/docs/TECH95541

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<