Email virus alerts have less info compared to SAV 10
Updated: 01 Jul 2009 | 11 comments
Status:
In Development
In SAV Reporter, a virus alert email contained much more information about the risk by including the file/path of the virus. This information is crucial when it comes to finding the risk on the affected system. With SEPM, the virus alert email contains very limited information. Yes, I know it's possible to look at SEPM and find more information, but obviously it's not always practical.
Please see this thread for more info:
https://www-secure.symantec.com/connect/forums/ema...
Please modify SEPM virus alert emails to contain more information, particularly the filename/path.
Thank You
Comments
please vote
Please vote if you are interested in seeing this enhancement. We do depend on your feedback to understand the importance and priority of the request.
Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec
we need also to see the link
we need also to see the link where the infection occurred...
in the details area we could see it..
but when SEPM server notifies the admins, no file link could be seen...
Nel Ramos
we also need to see the file
we also need to see the file type so that it would be easy for us to determine it.
This is a must have for us,
This is a must have for us, to be honest.
need to give more
need to give more details..
since SEP is an upgrade of SAV...
Update
We are looking to add this in a release after 11.0.5.
Please tell me the type of details that you believe are necessary. So far the common request that I have seen is
file name and path.
The two others from this post are
file type
link where infection occurred (please elaborate on what you mean)
JimW
Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec
NAV 10 Alert
Something like this
This is from Nav 10
6/26/2009 12:32:28 PM
Forward from client:Scheduled
Adware.P2PNetworking
C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe
Quarantine (what it tried to do)
Leave Alone (what it actually did)
The email sent should also combine alerts into 1 email if they are so close in time.
example
6/22/2009 12:55:00 PM
Forward from client:Invalid : (15)
Adware.ZangoSearch
C:\Program Files\Internet Explorer\iexplore.exe
Delete
Leave Alone
6/22/2009 12:55:07 PM
Forward from client:Invalid : (15)
Adware.IE
C:\Program Files\Internet Explorer\iexplore.exe
Delete
Reboot Required
Should be 1 email instead of 2 emails. Even if the virus name is different.
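The alert layout and the combining request from the comment above, worked through as an added example (not part of the thread and not Symantec code). The six-line record layout, the 60-second window and the function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta
# Constructed input: the three SAV 10 alerts quoted in the thread, one field
# per line, records separated by a blank line (this layout is an assumption).
SAMPLE = r"""6/26/2009 12:32:28 PM
Forward from client:Scheduled
Adware.P2PNetworking
C:\Documents and Settings\Owner\Local Settings\Temp\p2psetup.exe
Quarantine
Leave Alone

6/22/2009 12:55:00 PM
Forward from client:Invalid : (15)
Adware.ZangoSearch
C:\Program Files\Internet Explorer\iexplore.exe
Delete
Leave Alone

6/22/2009 12:55:07 PM
Forward from client:Invalid : (15)
Adware.IE
C:\Program Files\Internet Explorer\iexplore.exe
Delete
Reboot Required"""
FIELDS = ("time", "source", "risk", "path", "requested", "taken")

def parse_alerts(text):
    """Split the text into six-line records and parse each timestamp."""
    alerts = []
    for block in text.strip().split("\n\n"):
        lines = [ln.strip() for ln in block.splitlines()]
        if len(lines) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} lines, got {len(lines)}")
        rec = dict(zip(FIELDS, lines))
        rec["time"] = datetime.strptime(rec["time"], "%m/%d/%Y %I:%M:%S %p")
        alerts.append(rec)
    return alerts

def coalesce(alerts, window=timedelta(seconds=60)):
    """Group alerts that follow the previous one within `window`, whatever the risk name."""
    groups = []
    for alert in sorted(alerts, key=lambda a: a["time"]):
        if groups and alert["time"] - groups[-1][-1]["time"] <= window:
            groups[-1].append(alert)
        else:
            groups.append([alert])
    return groups

def subject(group):  # one email subject line per coalesced group
    return f"{len(group)} alert(s): " + ", ".join(a["risk"] for a in group)
```

Each group returned by `coalesce` corresponds to one outgoing email; the two 6/22/2009 alerts seven seconds apart land in the same group even though the risk names differ.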
great feedback
Thank you for the feedback. I have passed these ideas to my team.
JimW
Jim Waggoner Director Product Management, Symantec Endpoint Protection, Enterprise Security Group, Symantec
Yes, path and file are
Yes, path and file are critical to finishing our SEP rollout.
Machine name and userid are critical to continue.
"Forward from Client" is clutter. (Harder to scan through hundreds of alerts.)
Malware name such as BancoStealer.C is important.
Please continue with the information in this SAV 10 example.
Perhaps "link where infection occurred" is referring to RiskTracer? At any rate, it is unfortunate for us that RiskTracer is no longer available in Antivirus: you have to enable IPS and use a Firewall Policy for it to work. We may never be able to enable IPS here, especially inside of the corp. firewall.
Thanks
John
I run IPS without the
I run IPS without the Firewall and Risk Tracer runs just fine. No problems with IPS, it has identified bots on our network.
Any more news!
Hi Guys,
Would there be any news regarding this issue as I would be very interested in learning about alerts and the information they contain. I concur with the information and layout John Copperfield requires and would be ideal in becoming more proactive.
A mention was made about this function being available in the next management release. What is the likelihood of this happening in MR6?
Many Thanks
Steve