Risk logs are giving "0.0.0.0" & "127.0.0.1" as the source computer IP address & source computer name. What does it mean & how exactly would we be able to find out the source machine (IP address)?
See this thread
http://www.symantec.com/connect/forums/source-attack
Enable Risk Tracer
http://www.symantec.com/business/support/index?page=content&id=TECH94526
Hi lalit.er,
One excellent source of info is the Remote Host data available in IPS Attack logs. See this article...
Two Reasons why IPS is a "Must Have" for your Network https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network
That is an excellent indicator of which machines inside the organization are infected and attempting to spread infection.
Risk Tracer is not able to find the source
https://www-secure.symantec.com/connect/forums/risk-log-source-ip-0000