Notifications and logs are essential to maintain a secure environment. In general, you should monitor your remote clients in the same way that you monitor your other clients. You should always check to see that your protections are up to date and that your network is not currently under attack. If your network is under attack, then you want to find out who is behind the attack and how they attacked.
Your Home page preference settings determine the time period for which Symantec Endpoint Protection Manager displays data. By default, the data on the Home page represents only the clients that connected in the past 12 hours. If you have many clients that are frequently offline, your best monitoring option is to go to the logs and reports. In the logs and reports, you can filter the data to include offline clients.
Even if you restrict some of the client log data that mobile clients upload, you can check the following displays.
Table: Displays to monitor remote client security
Home > Endpoint Status
Displays whether the content is up to date or to see if any of the protections are turned off.
You can check the following status conditions:
Content dates and version numbers
Enabled and disabled protections
You can click Details to see the status for each client.
Home > Security Status
Displays the system security overview. View the Virus and Risks Activity Summary to see if your network is under attack.
You can click Details to see the status for each security protection technology.
Home > Virus and Risks Activity Summary
Displays the detected virus and risk activity, and the actions taken, such as cleaned, blocked, or quarantined.
Monitors > Summary Type > Network Threat Protection
Displays the information about attack types and sources.