MARS and Symantec Endpoint Protection (SAV 11.x)

Unanswered Question
Mar 18th, 2008

MARS uses AMS to retrieve/parse messages from older versions of Symantec Antivirus. AMS doesn't exist in the newest version (aka Symantec Endpoint Protection). Is there a way to integrate SEP messages into MARS? If not, does anyone know if Cisco has any plans to support SEP with MARS?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
pcomeaux Thu, 05/29/2008 - 12:49

Hi -

Supporting Symantec Endpoint Protection is under consideration for a future release.

Have you written a custom parser for this in the meantime?

thxs

peter

milee1420 Thu, 05/29/2008 - 12:52

No, we have not. That would've been outside the scope/budget. After discussing with a few Cisco TACs, we determined that it would be more cost effective to wait for the new release.

Actions

This Discussion