Endpoint Protection

  • 1.  Network Virus Detected

    Posted Oct 05, 2017 05:48 AM

    Hi

    Every time a computer gets a virus and SEP deletes it, I get a notification by email.

    If SEP deletes the virus I don't want an alert mail. How can I change the notification condition?

    Can I change Damper from 20 min to Auto? Will that solve my problem?

     

    From: virus-alert@**********.se
    Sent: 2017-10-05 08:56:37
    To: Tomas Gabriel, virus-alert@********.se
    Subject: CRITICAL: 1 Network Virus Detected
    Message from:
        Server name: ***************
        Server IP: 192.168.58.91
        Administrator Email: virus-alert@***********************
        Company Name: ************
        
    Found 1 or more risks. Actual number of risks found was 1 in 1 minute(s).


    Symantec Endpoint Protection
    Symantec
    Notification Events
    Earliest Event Time: 10/05/2017 08:47:34 to Latest Event Time: 10/05/2017 08:47:34  



        Computer: XHOAL-LT011
        User: SYSTEM
        IP Address: 192.168.67.36
        Risk: Ransom.Kovter
        Risk Type: Malware
        Risk Count: 1
        Date Time: 10/05/2017 08:47:34
        Domain: Default
        Server: *************
        Group: ********************************
        Action: Left alone
        Source: Auto-Protect
        File / Entry: C:\Users\mger\AppData\Local\Microsoft\Windows\devicedhcp.exe
        Hash Type / File Hash: SHA-256 FBFF242AEEFF9828 5E000EF03CFA96E8 7D6D63C41080D531 EDCB455646B64EEC



  • 2.  RE: Network Virus Detected

    Posted Oct 05, 2017 11:40 AM

    What version of SEPM are you using? With SEPM 14 you can customize alerts by severity and action taken.



  • 3.  RE: Network Virus Detected

    Posted Dec 13, 2017 11:15 AM

    SEPM 14. RU1

    Brian - We have our Single Risk Event notifications set to automatically notify Administrators and Service Desk personnel.  If we customize alerts by severity and action taken (say Category 1 (Very Low) and above) and (Cleaned by Deletion) to only send to Administrators ... since "and above" is a part of the Risk Severity, will I have to break out all other Action Taken selections to keep from getting duplicate emails?  If I am not overthinking this, I take this to mean that Risk Severity contains "And Above" meaning Category 1 thru 5 - Cleaned by Deletion would only go to Administrators, right?  And I would have to define Action Taken: Access Denied, Action Invalid, All Actions Failed, etc. separately ... correct?



  • 4.  RE: Network Virus Detected

    Posted Dec 15, 2017 05:33 AM

    Hi Tomas,

    Just a tangent: SHA256 fbff242aeeff98285e000ef03cfa96e87d6d63c41080d531edcb455646b64eec is Ransom.Kovter.  Ransomware is a serious threat - SEP has protected you against that sample, but do make sure that your systems are hardened against future attack!

    Support Perspective: W97M.Downloader Battle Plan
    https://www-secure.symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

    What NOT to Click
    https://www.symantec.com/connect/articles/what-not-click

    Hardening Your Environment Against Ransomware
    https://www.symantec.com/connect/articles/hardening-your-environment-against-ransomware