This dashboard is meant to show the overall view of attacks/threats being detected and stopped in theenvironment by VirusScan. This is more of an executive dashboard that shows the value of the McAfee product set. A notable query is “GY-Total Infected SystemsCleaned per Week”. This query does NOT return number of events, instead it returns number of unique machines that were infected.. This is important to measure UNIQUE machines that had infections not just total threat events which is typical of the default queries that come with ePO. There are countless cases where one machines can generate thousands of virus events in just a few hours and skew your total number of infections. This query will count the machines only once even if it generated thousands of events.
The next logical question should be "Well how many UNIQUE infected machines should I have per week?" The answer is of course, "It depends". But I will skip that canned answer and give you a definitive answer. The answer for any organization is about 1% of your total machines. I am basing this on 13 years of experience working at MFE. So if you have 10k nodes the AVERAGE organization this size should have ROUGHLY 100 unique infected machines per week. If you have 2%, then that is above the average and you need to look at your overall security and ask yourself why you are above the average and which threat vector is negatively affecting you. Is is your mail gateway? Is your web gateway? Are your end users allowed to surf anywhere on the Internet when they are at a Starbucks, etc. If you are less than 1% then you are doing well compared to the average organization.