Endpoint Protection

  • 1.  Symantec Endpoint for Mac - Logs

    Posted Nov 23, 2010 12:55 PM

    I was wondering if anyone has had any success getting usable logs from the Mac clients into SEPM? We are getting some logs, but by far we aren't getting complete data. The Risk logs show that a risk was found, but don't tell me anything more than it was a virus. The Risk Name is listed as 4, and the type is Viral. The scan logs show the start time of a scan, but nothing else. I was hoping someone might have had some luck getting better results from these logs.



  • 2.  RE: Symantec Endpoint for Mac - Logs

    Posted Nov 23, 2010 01:05 PM

    From what I understand this is working by design currently.

    I remember a thread a few months back where blenahan was having the same issue and I believe sandra.g confirmed that this was the case.

    Found the thread, please check this to see if it helps:

    https://www-secure.symantec.com/connect/forums/how-view-scan-details-sep-11-ru6-mac



  • 3.  RE: Symantec Endpoint for Mac - Logs

    Posted Nov 23, 2010 01:18 PM

    Well, that is just unfortunate. I appreciate you finding that thread. So my next question is: Is anything logged at the OS level that would indicate any more information that we could send to a Syslog server?

    We don't have very many Mac clients, but our environment requires us to have full logs from AV-related issues. This potentially puts us out of compliance, so if anyone has any other suggestions I am open to almost anything.

    Thanks again Brian81.



  • 4.  RE: Symantec Endpoint for Mac - Logs
    Best Answer

    Posted Nov 23, 2010 01:26 PM

    Brian is correct.  Please vote up this Idea:

    https://www-secure.symantec.com/connect/idea/scan-results-displayed-sep-mac-clients-sepms-reporting-needs-expansion

    I hope this is an isolated incident for you.  What I would do is open the log on the client (under Tools > View History).  It'll show Date, Location (hover mouse over for full path), virus, and status.  It unfortunately can't be exported (believe me, we find that frustrating too).  I would be surprised if it were anything but a detection on a Windows-based virus residing on the Mac file system; my bets are on an email attachment.

    sandra



  • 5.  RE: Symantec Endpoint for Mac - Logs

    Posted Nov 23, 2010 07:28 PM

    I will vote on that, thank you. Hopefully a future version will allow these logs to work more like the Windows-based clients.

    Thanks again for your help.