There's a list which says where the status is assigned, e.g., under investigation or investigation finished. We're no longer looking at digging into information or wading through hundreds of incidents.
We can then choose to take any manual actions, if we want, or start our investigation. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source." "Any alert that we get is an actionable alert. It's one of the best features." "The entirety of our network infrastructure is Cisco and the most valuable feature is the integration." "Among the most valuable features are the exclusions. It allows for research into a threat, and you can chart your progress on how you're resolving it." "The solution's integration capabilities are excellent. That can shorten the useful life of a device." "It is extensive in terms of providing visibility and insights into threats. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That was a big thing for us, especially in the mobile world. It is an agent-based solution, and we see no performance knock on cell phones. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP." "It doesn't impact the devices. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. "Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer.