What does "****SUMMARIZED DATA***" mean in a Symantec Endpoint Protection Manager (SEPM) Risk Report?
When viewing Risk Reports in SEPM, there are one or more entries with "****SUMMARIZED DATA****" in the "File/Entry" field. An extract:
Computer Name | Source | Risk Name | Occurrences | File Path |
---|---|---|---|---|
XXXX4 | Auto-Protect | Adware.GoonSquad!g1 | 2 | ****SUMMARIZED DATA**** |
XXXX9 | Auto-Protect | W32.Rotinom | 8 | ****SUMMARIZED DATA**** |
XXXX0 | Manual Scan | ALS.Bursted.B | 14 | ****SUMMARIZED DATA**** |
XXXX8 | Manual Scan | Trojan.Gen.2 | 3 | ****SUMMARIZED DATA**** |
XXXX1 | Manual Scan | Adware.Popuppers | 2 | ****SUMMARIZED DATA**** |
XXXX98 | Auto-Protect | Adware.BL | 2 | ****SUMMARIZED DATA**** |
"****SUMMARIZED DATA****" indicates several identical "risk found" events grouped into a single event. After a designated time, these identical events have been compressed into one entry to conserve space in the SEPM database.
These settings can be configured by administrators. Database maintenance options help you to manage the size of your database by specifying compression settings and how long to keep data.
To adjust the settings that apply to compressed events in SEPM, go to Admin > Servers > Database > Edit Database Properties > Log Settings > 'Compress risk events after:'