Reports, logs, and notifications

To find out more about how reports, logs, and notifications differ between on-premises Symantec Endpoint Protection (SEP) 14.x and Symantec Endpoint Security (SES) Complete, see the following topics:

Reports and templates

Reports and templates: SEP vs. SES
On-premises Symantec Endpoint Protection
Symantec Endpoint Security cloud console
Audit
Policies used.
Not available.
Settings
Application and Device Control
  • Top Groups With Most Alerted Application Control Logs
  • Top Targets Blocked
  • Top Devices Blocked
Application Control:
  • Application Control
Device Control:
  • Top 5 Unique Blocked External Devices
  • KPI:
    Total Devices with Blocked External Devices
    Total Unique External Devices Blocked
Compliance
  • Host Integrity Status
  • Clients by Compliance Failure Summary
  • Compliance Failure Details
  • Non-compliant Clients by Location
Compliance log.
Computer Status
  • Virus Definitions Distribution
  • Computer Not Recently Updated
  • Symantec Endpoint Protection Product Versions
  • Intrusion Prevention Signature Distribution
  • Download Protection Signature Distribution
  • SONAR Signature Distribution
  • Low Bandwidth Content Distribution
  • Client Inventory
  • Compliance Status Distribution
  • Client Online Status
  • Clients With Latest Policy
  • Client Count by Group
  • Security Status Summary
  • Protection Content Versions
  • Symantec Endpoint Protection Licensing Status
  • Client Inventory Details
  • Deployment Report
  • Device Integrity Comprehensive Report
  • Device Integrity Computer Status Report: Includes cloud-managed and on-premises clients.
Application Control:
  • Blocked Apps Report
  • Drift Analysis Report
Deception
New as of 14.1.
Available soon.
Network and Host Exploit Mitigation
  • Top Targets Attacked
  • Top Sources of Attack
  • Top Types of Attack
  • Top Blocked Applications
  • Attacks Over Time
  • Security Events by Severity
  • Blocked Applications Over Time
  • Traffic Notifications Over Time
  • Top Traffic Notifications
  • Memory Exploit Mitigation Detections
  • Full Report
  • Intrusion Prevention Report
  • Firewall Report
Risk
Antimalware
  • Infected and At Risk Computers
  • Action List
  • Risk Detections Count
  • New Risks Detected in the Network
  • Top Risks Detections Correlation
  • Download Risk Distributions
  • Risk Distribution Summary
  • Risk Distribution Over Time
  • Risk Distribution by Protection Technology
  • SONAR Detection Results
  • SONAR Threat Distribution
  • SONAR Threat Detection Over Time
  • Action Summary for Top Risks
  • Number of Notifications
  • Number of Notifications Over Time
  • Weekly Outbreaks
  • Comprehensive Risk Report
  • Symantec Endpoint Protection Daily Status
  • Symantec Endpoint Protection Weekly Status
See Scan reports.
Scan
  • Scan Statistics Histogram
  • Computer by Last Scan Time
  • Computers Not Scanned
  • SES Daily Report
  • SES Weekly Report
  • SES Comprehensive Report
System
  • Top Clients That Generate Errors
  • Top Servers That Generate Errors
  • Database Replication Failures Over Time
  • Site Status
  • WSS Integration Token Usage
Format
HTML
  • PDF
  • HTML
  • CSV

Logs and notifications

In Symantec Endpoint Security, logs are called Events, and notifications are called Alerts.
Logs and notifications: SEP vs. SES
On-premises Symantec Endpoint Protection
Symantec Endpoint Security cloud console
Logs
  • Host Integrity status:
    • All
    • Fail
    • Success
    • Pending
    • Disabled
    • Ignored
  • Host Integrity reason:
    • All
    • Pass
    • Antivirus version is out-of-date
    • Antivirus is not running
    • Script failed
    • Check is incomplete
    • Check is disabled
    • Location changed
  • Filters:
    • Infected only
    • Tamper Protection off
    • Auto-Protect off
    • Trusted Platform Module installed
    • Memory Exploit Mitigation off
    • Download Insight off
    • SONAR off
    • Firewall off
    • Intrusion Prevention off
    • Antivirus engine off
    • Restart required
No commands on events.
Events (Severity)
  • Informational
  • Minor
  • Major
  • Critical
  • Informational
  • Warning
  • Minor
  • Major
  • Critical
  • Fatal
Commands
Devices
  • Evidence of Compromise Scan/Cancel Evidence of Compromise Scan
  • Scan/Cancel Scan
  • Collect File Fingerprint List
  • Delete from Quarantine
  • Disable/Enable Download Insight
  • Disable/Enable Network Threat Protection
  • Enable Auto-Protect
  • Power Eraser
  • Restart Client Computers
  • Update Content
  • Update Content and Scan
With status:
  • Not received
  • Received
  • In progress
  • Completed
  • Rejected
  • Cancelled
  • Error
  • Evidence of Compromise Scan (Available soon)
  • Power Eraser (Available soon)
  • Restart Client Computers
  • Run Scan
  • Run LiveUpdate
Notifications
Alerts
  • Authentication failure
  • Client list changed
  • Client security alert
  • Download Protection content out-of-date
  • File reputation lookup alert
  • Forced application detected
  • IPS signature out-of-date
  • Licensing issue
  • Low-bandwidth AML content out-of-date
  • Memory Exploit Mitigation detection
  • Network load alert: requests for virus and spyware full definitions
  • New learned application
  • New risk detected
  • New software package
  • New user-allowed download
  • Power Eraser recommended
  • Risk outbreak
  • Server health
  • Single risk event
  • SONAR definitions out-of-date
  • System event
  • Unmanaged computers
  • Virus definitions out-of-date
  • What should happen when this notification is triggered?
    • Log the notification
    • Run the batch or executable file
    • Send email to system administrators
    • Send email to (comma or semicolon separated)
  • Suspicious Threats
  • License
  • Unknown reputation
  • Compromised device
  • LiveUpdate failed
Available soon: Customizable notifications.