Endpoint Protection

 View Only

  • 1.  Display the tripped IPS signatures from the SEPM client

    Posted Feb 11, 2010 03:24 PM
    Does anyone know how to view what IPS signatures are being tripped from the SEPM client?
    Right now it looks like the only way to see what IPS events that are occuring from and endpoint is from the SEPM console / Log


  • 2.  RE: Display the tripped IPS signatures from the SEPM client

    Posted Feb 11, 2010 03:28 PM
     Change the Clients to Server Control to Client Control Mode.
    But in that way you might loose the firewall policies. So you can do that for a troubleshooting purpose.

    In SEPM - Clients - highlight group- Policies-Location Specific Settings - Client User Interface Control settings.


  • 3.  RE: Display the tripped IPS signatures from the SEPM client

    Posted Feb 11, 2010 04:03 PM
    Are you referring to the Intrusion Prevention Policy setting in the Mixed Control Setting?

    Right now all options are set to server.


  • 4.  RE: Display the tripped IPS signatures from the SEPM client

    Posted Feb 11, 2010 04:14 PM
     Yes that correct.If you change it to client side it will show the logs on the client.


  • 5.  RE: Display the tripped IPS signatures from the SEPM client

    Posted Feb 11, 2010 04:18 PM
    Actually I just found it. The tripped IPS events are reported under the Client Management Logs - Security Log
    You would think Symantec would report Firewall and IPS event in the same log file under Network Threat Protection

    Thanks...