Endpoint Protection

Hey everyone, I'm new to the community and I've just started helping manage the SEPM in my company.

I'm mapping the actions taken by SEPM in order to keep our clients safe and trying to understand what each one of them does. While I've been able to find the other action field values trough this link: http://www.symantec.com/docs/TECH102052 I dont see the "Blocked" field value anywhere .

I know its pretty much self explanatory by the name, but what exactly does SEPM do when this happens? Does it just block the file from being executed or does it also deletes it? Can the user try to run it again?

From what I understand most of the files are being blocked while only a few actually infect the computers, those who do manage to infect it go to either the "Cleaned", "Quarantined", "Deleted" or "Pending Repair".

Thanks in advance.

The SEP client will block access to the file so it is not accessible and cannot cause further damage to the system until you can manually remediate.

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Welcome to the community! I believe you will find it very helpful.

I highly encourage you to review the SEP knowledgebase site. It can be found here:

http://www.symantec.com/business/support/index?page=productlanding&key=54619

It contains many great articles and links to previous posts which may already have your answer. The search function on Connect is invaluable. Please use it often.

If you have any further questions, you can reach out privately if you wish.

Basically, It blocks that file.. Preventing any more access or modifications.