Network Security Focus-Virus

RE: Symantec AV reporting metrics.

Subject: RE: Symantec AV reporting metrics.
Date: Tue, 20 Jun 2006 10:04:52 +0100
Are you sure you have 10.1 and not 10.0.1?

I can confirm that 10.1 DEFINITELY comes with the reporting server.  It's not 
currently available to gold customers, but will be soon.  If you have a 
Platinum support account you can download it.

Leave the examples thing with me... I'll see what I can do.

p.

 -------- Original Message --------
Subject: RE: Symantec AV reporting metrics.
Date: Mon, 19 Jun 2006 09:59:11 -0400
From: "Nick Duda" <nduda@VistaPrint.com>
To: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>,
      "Ted Senn" <ted.senn@zurichna.com>
Cc: <focus-virus@securityfocus.com>, "sekure" <sekure@gmail.com>

I'm jumping into this late, but we are a SAV 10.1 Corp Edition company for 
end users. I've done some basic research and found that Corp Edition can't run 
a reporting server. Should I say, the reporting server does not come with 
Corp Edition. Does a reporting server generate reports that are better than 
what the SAV 10.1 corp console gives you? I can get good info from the 
console, but no good reports can be generated from it.

I would be curious to see some screen grabs myself.

- Nick

-----Original Message-----
From: Serge Vondandamo [mailto:serge.vondandamo@wanadoo.fr]

Sent: Sunday, June 18, 2006 2:15 AM
To: 'Ted Senn'
Cc: focus-virus@securityfocus.com; 'sekure'
Subject: RE: Symantec AV reporting metrics.

I forgot to add that,

I have up to 6000 Clients located WW (Europe, Americas, APAC, and 
Middle-east).

Thanks,
Serge

-----Original Message-----
From: Serge Vondandamo [mailto:serge.vondandamo@wanadoo.fr]
Sent: Sunday, June 18, 2006 08:11
To: 'Ted Senn'
Cc: 'focus-virus@securityfocus.com'; 'sekure'
Subject: RE: Symantec AV reporting metrics.

All,

Thank you for your pointers.

I have tried the manual process but it doesn't give good metrics for my 
audience (CTO, CSO, CIOs, IT Managers).

I have tried to convince IT folks to upgrade to 10.1 so I can use the 
reporting module but no one wants to upgrade to a vulnerable version of the AV.

They don't believe in the patch provided by Symantec since I am not able to 
test it and provide a technical report - patch the app and try to exploit the 
vulnerability and report.

Please, could you help me on the following?

1. Do you have a screenshot of the reporting module? Graphs, type of metrics 
it can provide, etc?

2. Do you know how I can patch 10.1 and test the effectiveness of the patch?

Thanks,
Serge


-----Original Message-----
From: Ted Senn [mailto:ted.senn@zurichna.com]
Sent: Friday, June 9, 2006 15:58
To: serge.vondandamo@wanadoo.fr
Cc: focus-virus@securityfocus.com; 'sekure'
Subject: RE: Symantec AV reporting metrics.

Installing the reporting server is the start.  Unless you have a small number 
of clients I would recommend a separate system. The reporting server is 
somewhat CPU intensive in my experience.

Each AV server will need to have reporting agents installed on them.
However for testing you can set up the reporting server and only those AV 
servers that you want to test with would need the reporting agents installed. 
You will need the SAV 10.1 SSC to configure the agents.

Yes 10.1 needs to be maintenance patched to 10.1.0.400 and point patched to
10.1.0.401


Ted Senn
Security Engineer
Distributed Security
847-605-6837



From: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
Date: 06/08/2006 09:26 PM
To: "'Ted Senn'" <ted.senn@zurichna.com>
cc: <focus-virus@securityfocus.com>, "'sekure'" <sekure@gmail.com>
Subject: RE: Symantec AV reporting metrics.

Thanks Ted,

If I understand, I just need to install the 10.1 and the reporting server in 
one of my primary and that is it?

Is there any eval version of it? I would like to test it on my lab first.
BTW, is the 10.1 affected by the recent Symantec products vulnerability?

Thanks,
Serge

-----Original Message-----
From: Ted Senn [mailto:ted.senn@zurichna.com]
Sent: Tuesday, June 6, 2006 14:24
To: serge.vondandamo@wanadoo.fr
Cc: focus-virus@securityfocus.com; 'sekure'
Subject: RE: Symantec AV reporting metrics.

I am running Reporting server without any problem on version 10, and 9 
servers.  The agent installs and reports back to the reporting server. You 
may need a special group with 10.1 for the reporting server only, but the 
reporting will work with the lower version AV servers (agent will not 
install on NT systems).


Ted Senn
Distributed Security


From: "Serge Vondandamo" <serge.vondandamo@wanadoo.fr>
Date: 06/05/2006 03:30 PM
To: "'sekure'" <sekure@gmail.com>
cc: <focus-virus@securityfocus.com>
Subject: RE: Symantec AV reporting metrics.

Sekure and all,

Thanks but we don't have version 10.1 and unfortunately, I have to find a way 
to report with the versions we have. I may suggest to upgrade but that will 
not be possible now - IT Ops folks and other IS Managers will be difficult to 
convince - given the heavy IT Governance and change process we have in place.

We currently have version 8 in few sites, version 9 and 10 in the majority of 
the sites.

Paul, your pointers are more than welcome!!!

Thanks,
Serge



-----Original Message-----
From: sekure [mailto:sekure@gmail.com]
Sent: Monday, June 5, 2006 20:51
To: Serge Vondandamo
Cc: focus-virus@securityfocus.com
Subject: Re: Symantec AV reporting metrics.

Symantec Corp AV 10.1 has a reporting server module, which provides pretty 
pictures for lots of these metrics.

On 6/3/06, Serge Vondandamo <serge.vondandamo@wanadoo.fr> wrote:
All,

I have been tasked to develop Symantec AV reporting metrics.
The metrics should help provide visual information (graphs, tables, etc) to
Senior management on weekly, monthly, quarterly and annual basis per region
and WW if needed.

I am focusing on providing the following:

- Number of AV clients per region,
- Number of AV engines, versions, per region,
- Information on AV defs per region, frequency of updates, versions of
  AV definitions, age of AV definitions (i.e. two weeks old, two months old,
  very old, etc).
- Status of AV clients per region - i.e. auto-protect enabled or disabled,
  threat found, old definitions, etc.
- Any other information that will be useful for big boss not interested in
  technical data.


I am looking for pointers, ideas and suggestions from those who have already
done so; I will not try to re-invent the wheel ;)

Thanks for your inputs.

Regards,
Serge Vondandamo, HND, CISSP, CCNA.
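
The metrics listed in the original request (clients per region, engine versions, age of definitions, auto-protect status) can be rolled up from any per-client inventory export. The following is an added example, not part of the thread and not Symantec tooling; the CSV column names, sample rows and age thresholds are constructed assumptions.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import date

# Constructed sample inventory; column names are hypothetical, not a Symantec export format.
SAMPLE = """host,region,engine_version,defs_date,auto_protect
eu-ws-001,Europe,10.0,2006-06-14,enabled
eu-ws-002,Europe,9.0,2006-05-02,enabled
eu-ws-003,Europe,10.0,2006-01-20,disabled
am-ws-001,Americas,10.0,2006-06-16,enabled
am-ws-002,Americas,8.0,2006-06-01,disabled
ap-ws-001,APAC,9.0,2006-06-15,enabled
"""

# Definition-age buckets in days; the thresholds are assumptions to tune locally.
BUCKETS = [(14, "<= 2 weeks"), (60, "<= 2 months")]

def age_bucket(defs_date, today):
    """Map a definitions date to a management-friendly age label."""
    age = (today - defs_date).days
    for limit, label in BUCKETS:
        if age <= limit:
            return label
    return "very old"

def new_stats():
    return {"clients": 0, "engines": Counter(), "defs_age": Counter(), "auto_protect_off": 0}

def region_metrics(csv_text, today):
    """Aggregate per-region client count, engine mix, definition age and auto-protect state."""
    out = defaultdict(new_stats)
    for row in csv.DictReader(io.StringIO(csv_text)):
        m = out[row["region"]]
        m["clients"] += 1
        m["engines"][row["engine_version"]] += 1
        m["defs_age"][age_bucket(date.fromisoformat(row["defs_date"]), today)] += 1
        if row["auto_protect"].strip().lower() != "enabled":
            m["auto_protect_off"] += 1
    return dict(out)

def worldwide(per_region):
    """Sum the regional figures into one worldwide (WW) row."""
    total = new_stats()
    for m in per_region.values():
        for key in total:
            total[key] += m[key]  # works for both int counters and Counter objects
    return total

if __name__ == "__main__":
    regions = region_metrics(SAMPLE, date(2006, 6, 20))
    for name, stats in {**regions, "WW": worldwide(regions)}.items():
        print(name, stats["clients"], dict(stats["engines"]), dict(stats["defs_age"]), stats["auto_protect_off"])
```
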










