Monitoring endpoint protection

Symantec Endpoint Protection collects information about the security events in your network. You can use logs and reports to view these events, and you can use notifications to stay informed about the events as they occur.
You can use the reports and logs to determine the answers to the following kinds of questions:
  • Which computers are infected?
  • Which computers need scanning?
  • What risks were detected in the network?
Tasks for monitoring endpoint protection

Task: Review the security status of your network
Description: The following list describes some of the tasks that you can perform to monitor the security status of your client computers. For more information, see:

Task: Locate which client computers need protection
Description: You can perform the following tasks to view or find which computers need additional protection:

Task: Protect your client computers
Description: You can run commands from the console to protect the client computers. See:
For example, you can eliminate security risks on client computers. See:

Task: Configure notifications to alert you when security events occur
Description: You can create and configure notifications to be triggered when certain security-related events occur. For example, you can set a notification to occur when an intrusion attempt occurs on a client computer. See:

Task: Create custom quick reports and scheduled reports for ongoing monitoring
Description: You can create and generate customized quick reports, and you can schedule custom reports to run regularly with the information that you want to see. See:

Task: Minimize the amount of space that client logs take
Description: For security purposes, you might need to retain log records for a longer period of time. However, if you have a large number of clients, you may have a large volume of client log data.
If your management server runs low on space, you might need to decrease the log sizes and the amount of time the database keeps the logs.
You can reduce the volume of log data by performing the following tasks:

Task: Export log data to a centralized location
Description: Log data export is useful if you want to accumulate all logs from your entire network in a centralized location. Log data export is also useful if you want to use a third-party program such as a spreadsheet to organize or manipulate the data. You also might want to export the data in your logs before you delete log records.
You can export the data in some logs to a comma-delimited text file. You can export other logs' data to a tab-delimited text file that is called a dump file, or to a Syslog server. See:

Task: Troubleshoot issues with reports and logs
Description: You can troubleshoot some issues with reporting. See:
Symantec Endpoint Protection pulls the events that appear in the reports from the event logs on your management servers. The event logs contain time-stamps in the client computers' time zones. When the management server receives the events, it converts the event time-stamps to Greenwich Mean Time (GMT) for insertion into the database. When you create reports, the reporting software displays information about events in the local time of the computer on which you view the reports.
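The three time-zone stages described above (client-local stamp, GMT in the database, viewer-local time in the report) matter when you correlate exported log data from clients in different regions. The following is an added example, not Symantec's code or the format of its export files: the record field names and the sample events are constructed assumptions, and it shows why events must be ordered by their converted GMT/UTC stamp rather than by the raw client-local stamp.

```python
from datetime import datetime
from zoneinfo import ZoneInfo

# Constructed sample events (field names are assumptions, not SEP's export layout).
# Each record carries the client's local time-stamp and the client's time zone,
# as the client event logs record them before the management server converts them.
SAMPLE_EVENTS = [
    {"client": "host-a", "local_time": "2024-03-05 09:15:00",
     "client_tz": "America/New_York", "event": "Risk found"},
    {"client": "host-b", "local_time": "2024-03-05 15:10:00",
     "client_tz": "Europe/Berlin", "event": "Scan started"},
    {"client": "host-c", "local_time": "2024-03-05 23:05:00",
     "client_tz": "Asia/Tokyo", "event": "Definitions updated"},
]


def to_utc(local_time: str, client_tz: str) -> datetime:
    """Management-server stage: read the stamp in the client's zone, convert to GMT/UTC."""
    naive = datetime.strptime(local_time, "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=ZoneInfo(client_tz)).astimezone(ZoneInfo("UTC"))


def render_for_viewer(utc_time: datetime, viewer_tz: str) -> str:
    """Reporting stage: display the stored UTC stamp in the viewing computer's local time."""
    return utc_time.astimezone(ZoneInfo(viewer_tz)).strftime("%Y-%m-%d %H:%M:%S %Z")


def timeline(events, viewer_tz: str):
    """Order events by UTC so clients in different zones line up in true sequence.

    Returns a list of (client, event, time_as_shown_to_viewer) tuples.
    """
    rows = []
    for e in events:
        utc = to_utc(e["local_time"], e["client_tz"])
        rows.append((utc, e["client"], e["event"], render_for_viewer(utc, viewer_tz)))
    rows.sort(key=lambda r: r[0])
    return [(client, event, shown) for _, client, event, shown in rows]


if __name__ == "__main__":
    # Sorting by the raw local stamps would list host-a, host-b, host-c;
    # the UTC order is actually host-c, host-b, host-a.
    for row in timeline(SAMPLE_EVENTS, "America/Los_Angeles"):
        print(row)
```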