SEPM Application and Device Control Notifications
We recently upgraded our server from Symantec Endpoint Protection v11 to v12. After about a week we started receiving TONS of Application and Device Control event email notifications. All of these events were just stating that the "Application and Device Control is ready" or "Device Successfully Allowed". These notifications seem to come at random and when they come our inbox gets flooded with 100's of emails. After opening 4 cases the last tech I spoke with did let me know that "Yes, we did change the notification conditions because a large customer requested the change. This large customer wanted to know that the application and device control was working properly on each PC". That kind of makes you feel like us small customers, who don't have the man power to open and read over 200+ emails at one given time to determine if there was a true security risk or not, may not really count?
My suggestion is that maybe we should treat these notifications in a "success" and "failure" kind of way. Give ALL customers, large or small, the ability to choose if they would like to see successes and\or failures. We small customers don't have an employee that has the time to wade through hundreds of emails a day to determine if a disallowed device was plugged in or if there was a true security risk that took place. When we receive 100's of emails at one given time we are beginning to kind of ignore them because we're almost pretty sure every notifications just states "The Applications and Device control is ready". We would only like to know if it's NOT ready or if we've had a disallowed device plugged into a PC.
I can't believe that if we received 100's at one given time how many that "large customer" receives at one given time. Do they really read each and every email notification?
Thanks for the time and consideration to give us small customers a voice. Now will it be heard or ignored?