
SEPM Application and Device Control Notifications

Created: 03 Nov 2011 • Updated: 09 Nov 2012 | 7 comments
JWatts's picture
3 Agree
1 Disagree
+2 4 Votes
Status: Implemented

We recently upgraded our server from Symantec Endpoint Protection v11 to v12. After about a week we started receiving TONS of Application and Device Control event email notifications. All of these events were just stating that the "Application and Device Control is ready" or "Device Successfully Allowed". These notifications seem to come at random, and when they come our inbox gets flooded with 100's of emails. After opening 4 cases, the last tech I spoke with did let me know that "Yes, we did change the notification conditions because a large customer requested the change. This large customer wanted to know that the application and device control was working properly on each PC". That kind of makes you feel like us small customers, who don't have the manpower to open and read over 200+ emails at one given time to determine if there was a true security risk or not, may not really count?

My suggestion is that maybe we should treat these notifications in a "success" and "failure" kind of way. Give ALL customers, large or small, the ability to choose if they would like to see successes and/or failures. We small customers don't have an employee that has the time to wade through hundreds of emails a day to determine if a disallowed device was plugged in or if there was a true security risk that took place. When we receive 100's of emails at one given time we are beginning to kind of ignore them because we're almost pretty sure every notification just states "The Applications and Device control is ready". We would only like to know if it's NOT ready or if we've had a disallowed device plugged into a PC.

I can't believe that if we received 100's at one given time how many that "large customer" receives at one given time. Do they really read each and every email notification?

Thanks for the time and consideration to give us small customers a voice. Now will it be heard or ignored?

7 Comments

justin_g's picture

I completely agree.  This type of alerting is ridiculous and amounts to nothing but SPAM for many of us who rely on *useful* alerts.

+1
Adrian Iwanczuk's picture

We just upgraded to 12.1 and have been getting these false positives quite a bit.  I would love to see this feature added in a future release to SEP.

+1
kforfa's picture

I submitted a case and was told that this feature was working as designed.  It was also suggested that I submit an enhancement request which I also submitted.  Let's see how responsive Symantec is to a not so large customer.

 

https://www-secure.symantec.com/connect/ideas/add-notification-unauthorized-devices-only

0
JWatts's picture

We have just pushed 12.1 RU1 due to issues with clients not receiving their definition updates. 12.1 RU1 fixed that issue, but there was no change in the notifications. UGHHHHH! We continue to receive emails with the subject "Security Alert by Number of Attacked Computers"; HOWEVER, nobody was "attacked" : )

0
kforfa's picture

No updates on this issue since February??  Is anyone at Symantec reading these posts?  We need an answer to this issue!!

0
ChetK's picture

The 'false positives' notification is a problem.  I guess most admins don't set this notification.

0
Elisha's picture

This has been resolved in SEP 12.1.2 (RU2) due out later this month (November 2012).  In SEP 12.1.2 email Device Control alerts will only be sent for blocked devices.

0