Communication with endpoint


Hi everyone,

I’m thinking about using Symantec’s products but I have a few questions about them. To be more certain, I have a few questions about the communication between the client (the endpoint) and the cloud.

– How often do they communicate?

– Can I set this time interval to a desired value?

– If yes, what are the limits?

– Can both sides start communication, or only one of them?

Thanks for the answers




Re: How to make ACS URL not to expire?

Hi Susmita,

The time interval is interpreted as minutes; the default is 360 (6 hours), but you may set it to, for example, 1440 (1 day): = 1440

This defines the length of time for which a URL for content retrieval is valid from the time it was generated.

See the following KB article for details:





SPSS one sample t test displays incorrect CI bounds for diff of means

I ran a simple one sample t-test. All of the results are correct, except for the 95% Confidence Interval of the difference. The lower and upper bounds are both negative. It seems to me that each of the bounds should have the same magnitude, but with different signs; so the lower bound should be negative and the upper bound should be positive. For sure, 0, indicating no difference between the means, should reside inside of this confidence interval.
N = 10; Mean = 77.7; Std Dev = 11.46056; St Error = 3.62415
Here is the output:

One-Sample Test
Test Value = 89

t = -3.118; df = 9; Sig. (2-tailed) = .012; Mean Difference = -11.30000

95% Confidence Interval of the Diff: Lower = -19.4984; Upper = -3.1016

Please let me know what the numbers represent in the output because it does not represent the 95% Confidence Interval of the difference of the means. Thank you!


Why do I have different FirstOccurrence for the alarm and the child alarms?

I have for an alarm the First Occurrence set to 3/2/17 9AM, and when I open the child alarm the FirstOccurrence is 3/2/17 8AM. On the graph I can see that 8AM is the real start of the problem.
Also, on the same list, the alarm above selected is the same alarm, just the first anomalous interval (same graph on the third picture, first anomalous interval).


How to Interpret Anomaly Description


I have created several anomaly rules based upon saved views and am having difficulty understanding the meaning of the anomaly description.

Created the following anomaly rule (specified a single log source to evaluate):
“Anomaly detection of border FW Traffic when time series data is being aggregated by Log Source and when the average value (per interval) of Event Count (Sum) over the last 30 mins is at least 100% different from the average value (per interval) of the same property over the last 1 week”

I thought what this logic would do is evaluate the traffic based on 30 minute intervals and compare it to the same 30 minute interval from the previous week, for example that Monday 1:00-1:30 would be compared to the previous Monday 1:00-1:30 and it would fire only if the value was 100% different (double). I purposefully chose to span 1 week for the aggregated data as I thought this would compare like for like traffic and easily identify anomalies. However, this does not seem to be how it works; when the rule actually fired, it states:

“Event Count (Sum) (Log Source is %LOG SOURCE NAME%) was aggregated over 30 intervals and the aggregate value was 100% different from the average (per interval) of the same property over the last 1 week at 1:09 PM”

Note it states 30 intervals were assessed; does this mean it evaluated 30 minute intervals x 30 = 900 minutes? The interpretation is ambiguous and the documentation I found seems light. Furthermore, the 30 minute intervals appear to be a rolling 30 minutes (i.e. it is not discrete 9:00AM-9:30AM, but rather can be 9:01-9:31, 9:02-9:32, etc.), which makes interpretation even more difficult. We have a number of use cases where I would like to use the Anomaly and Behavioral rules, so I would really like to understand them better.

If anyone has suggestions or a better explanation it would be appreciated.