A user just came in saying a virus popup from SEP appeared on their screen. We checked SEPM -- Nothing on our end. We did update content and a full scan from our side. Probably not a concern.
The only thing in SEPM is my (stupid) tracking cookies. Each time I run a scan when I logged in on a machine it finds them. That's what the SEPM shows -- lots of my tracking cookies.
I'd rather know more about these other events.
Why didn't it send us any kind of alert about a more serious virus threat? And why doesn't anything show up in SEPM for those events if it's alerting the user?
Is there any way from our side (being lazy and not wanting to walk over to the user's machine) to see the logs for that user's computer? The only way I see to view individual computer logs is to be on that computer itself and go through the SEP GUI.
I'd like to have more detailed information about these events.
Would this be a case where it's a virus that was seen before and we don't get an alert? First time, alert us. Second time, repeat what was done before?