Endpoint Protection

Hi All, I am consistantly getting to see "Actual action: Left alone,Requested action: Cleaned,Secondary action: Deleted". Can anybody tell me the importance of Secondary action in Symantec logs? Thank you.

if the first action cannot be performed, the second action will be used. In this case, actual action was used. What was the source of this? Auto-Protect or Download Insight?

Can you tell me how actual action, requested action and secondary action works ?
 

Actual action - the action SEP took to remdiate the threat

Requested action - usually the same as actual action. this is action SEP is wants to perform.

Secondary action - action to take if the actual action does not work

Please check the link below if it helps you 

https://support.symantec.com/en_US/article.TECH102052.html

https://support.symantec.com/en_US/article.TECH190753.html

https://support.symantec.com/en_US/article.HOWTO80962.html

https://support.symantec.com/en_US/article.TECH104430.html

Action taken is what you define in a policy to SEP clients, on what to do if SEP clients detects something Malicious. 

However what if that FAILS, is what the Secondary action is all about. 

Thank you very much for your kind reply @Brian and hackgeek2411

You're welcome.