We had seen them occasionally in the past. Having something attack isn't a huge surprise. (And we hadn't located the logs in SEPM. Those logs are really buried...)
Currently my area is "under attack." Symantec is fending them off. In the SEPM network attack logs we can see them and there are a lot more over the last few weeks. We're working with other IT security people. The infected machines are outside my area though, outside my control. I just have to put up with someone else's apparently infected machines trying to attack mine.
Those little yellow popups though... How do we disable those from popping up? It looks like 3-4 times per day something is sweeping through IP addresses. If you're using your computer when it gets attacked, Symantec puts up the little yellow notification. That is actually what caught our attention at first. Everyone started mentioning that they kept seeing those pop up. But now we're aware of it.
How do we disable those popups, especially for a regular user? I don't mind getting reminded that the network attack issue is happening myself. Users don't need to see the popups frequently though.
Is there a policy I can tweak and push out in SEPM to stop those from popping up, as opposed to visiting every machine to tweak a setting?
Disable IPS notifications:
Is that "Display the Auto-Protect results dialog on the infected computer?" in SEP, Virus and Spyware Protection Policy, Protection Technology, Auto-Protect, notifications tab? That doesn't quite sound right though.... "My" computer isn't really infected. It's being attacked.
No, you're in the wrong policy. This is for IPS not AP.