
How do you clear Exploit Prevention events?

We started using Exploit Prevention recently, and so far it's only caught false positives. Some of the users have really been racking up the event counters. We've made exceptions for these things now, and would like the counters to go back to 0 for these users. I see no way in the enterprise console to do this. The EP events don't show up in the computer's normal "Resolve events and errors" dialog. Why that is also - I don't know.

Can someone help out?

Thanks!



  • Hello Moltron5k,

    Why that is
    because they are Events (like Web Events) and the dialog is for Alerts and Errors (that doesn't even let you deal with all, e.g. download errors). It's, I think, mainly a design decision.

    Events are always associated with the computer and there's no console interface to clear them other than Tools Configure Reporting ... (not Manage Reports ...), tab Purge that lets you specify the history length. You can selectively purge Events with PurgeDB.exe. It's global though, i.e. you can't select individual computers.
    Everything else requires an unsupported direct modification of the database (not rocket science to do it per computer, quite tricky if you really want to go for users).

    Christian

  • Thanks Christian - I'll look into the PurgeDB utility. It seems like it'll do what I'm looking for and in a supported way. Didn't realize the Purge tab was there also in Configure Reporting. One of the two will help me out.

    -Moltron

  • Hello Moltron,

    please be aware that the Purge tab applies to all Events and not only Events but also Alerts and Errors (except the outstanding ones). So most Reports would be pretty empty. Dunno if an interval of 0 months is indeed zero or never. Can't find it in the help (and don't want to test).

    Christian