User identification and notification when a risk is found
When Symantec Protection Engine finds a risk in a file that an RPC network-attached-storage client requests, Symantec Protection Engine obtains identification information about the user who requested the infected file. The identification information includes the security identifier of the user and the IP address and host name of the requesting computer. This information is included in all related log messages that are sent to all active logging destinations for Symantec Protection Engine. This feature provides administrators with as much information as possible when a risk is found.
Symantec Protection Engine can obtain only the information that the RPC client makes available. If the identification information is available, Symantec Protection Engine records it in the related log entries. Any identification information that cannot be obtained from the RPC client is omitted from the log messages and from the user notification window.
The notification message includes the following information:
Date and time of the event
Name of the infected file
Threat or security risk name and ID
Manner in which the infected file was handled (for example, the file was deleted)