About the reports you can run from Symantec Endpoint Protection Manager

book

Article ID: 180318

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

 

Resolution

You can view predefined quick reports, and generate custom reports that are based on the filter settings you select.

The filter configurations can be saved to generate the same custom reports in the future and delete them when they are no longer needed.

Reports can be scheduled to run at regular intervals and emailed to specified recipients.

Report type Description

Application and Device Control

Displays information about events where some type of behavior was blocked. These reports include information about application security alerts, blocked targets, and blocked devices. Blocked targets can be Windows registry keys, dlls, files, and processes.

Compliance Displays information about the compliance status of your network. These reports include information about Enforcer servers, Enforcer clients, Enforcer traffic, and host compliance.
Computer Status Displays information about the operational status of the computers in your network, such as which computers have security features turned off. These reports include information about versions, the clients that have not checked in to the server, client inventory, and online status.
Network Threat Protection

Displays information about intrusion prevention, attacks on the firewall, and about firewall traffic and packets.

The Network Threat Protection reports allow you to track a computer's activity and its interaction with other computers and networks. They record information about the traffic that tries to enter or exit the computers through their network connections.

Risk Displays information about risk events on your management servers and their clients. It includes information about TruScan proactive threat scans.
Scan Displays information about antivirus and antispyware scan activity.
System

Displays information about event times, event types, sites, domains, servers, and severity levels.

You can configure basic settings and advanced settings for all reports to refine the data you want to view. You can modify the predefined reports and save your configuration. You can also save your custom filter with a name to run the same custom report at a later time. You can also delete your customized configurations if you don't need them anymore. The active filter settings are listed in the report if you have configured the log and report preferences setting to include the filters in reports. 

If you have multiple domains in your network, many reports allow you to view data for all domains, one site, or a few sites. The default for all quick reports is to show all domains, groups, servers, and so on, as appropriate for the report you select to create.

When you create a report, the report appears in a separate window. You can save a copy of the report in Web archive format or you can print a copy of the report. The saved file or printed report provides a snapshot of the current data in your reporting database so that you can retain a historical record.

You can also create scheduled reports that are automatically generated based on a schedule that you configure. You set the report filters and the time to run the report. When the report is finished, it is emailed to one or more recipients.

A scheduled report always runs by default. You can change the settings for any scheduled report that has not yet run. You can also delete a single scheduled report or all of the scheduled reports.