They might look like this….
“Symantec Endpoing Protection
[SID: #### ] Attack: SMB Double
Pulsar Ping detected
Symantec Service framework”
with a yellow exclamation point on the left.
The box(es) will pop up and disappear quickly. It’s difficult to get a screenshot of them.
I checked the SEP client logs. Nothing there. Looks normal for the system, risk, and scan log.
Checked SEPM. No special notifcations. Looks normal.
No emails are generated by these events.
I wouldn’t mind seeing something in SEPM . Logging into a client machine isn’t realistic. If there was some attack happening but it was being warded off, great, SEP is doing its job. I wouldn’t mind knowing if several users were seeing these popups though.
Where can I get more info on what the events are that causes these? And what are these little popups in general?