Endpoint Protection

  • 1.  Symantec Endpoint Protection and Custom Quarantine List

    Posted Dec 21, 2009 01:23 AM
    I have just started as an AV Administrator for a company and wonder if someone can help with a Quarantine List issue. (I am a novice.)
    Problem
    If I log onto the Symantec Anti Virus console MMC and look at the server group list, I can see a list of all machines within the group. When I right-click on a PC that is showing the status of “Risk Found!” and follow these steps: All Tasks > Symantec Anti Virus > Logs > Risk History, I can see all the actions, the type of risk assigned to each, and what action has been taken.
    Solution I want

    In my MMC, for example, I can click on one "Risk Found!" status event, and when I look at the risk history I can see it has already been cleaned and no action is needed. I don't want to see these; I only want entries for critical issues that need action, like reboots etc.
    I don’t want an event created for non-critical issues or issues that have been fixed, like:
    Cleaned By Deletion
    Quarantined
     
    All I want is to see “Risk Found” events for critical issues that require a reboot and so on. Basically, I want to create a custom list which I can customise as to what is and isn’t logged.
     
    I hope this makes sense.
     
    Greg


  • 2.  RE: Symantec Endpoint Protection and Custom Quarantine List
    Best Answer

    Posted Dec 21, 2009 01:37 AM
    I'm not sure whether you can set priority to the view of SSC; however, you can use event log entries to get the necessary information.

    Symantec AntiVirus Corporate Edition event IDs explained

    http://service1.symantec.com/SUPPORT/ent-security.nsf/0/4543148c253740c088256c64006f54f2?OpenDocument&Src=bar_sch_nam&Click=


    5: An infected file has been found and quarantined.

    Does this suit your needs?

    When you click on View, I remember you get an option to select the critical ones. You can filter it that way.