Endpoint Protection

  • 1.  How to get notified realtime by email when infected items is detected ?

    Posted Jul 26, 2013 05:06 AM

    Hi Folks,

    How can I get an email notification when there are infected items in the drive?



  • 2.  RE: How to get notified realtime by email when infected items is detected ?

    Trusted Advisor
    Posted Jul 26, 2013 05:09 AM

    Hello,

    Yes, you can create a notification for the same. Check these steps:

    • SEPM >> Monitors page >> Notifications >> Notification Conditions
    • Add >> and you have two options here
    • You can select "New Risk Detected" or "Single Risk event"
    • Edit each as you see fit and save them.

    However, SEPM has a few notifications which are preconfigured.

    In your case, SEPM has the "New risk detected", "Risk outbreak" and "Single risk event" preconfigured.

    Check this Article:

    About the preconfigured notifications

    http://www.symantec.com/docs/HOWTO55128

    Hope that helps!!



  • 3.  RE: How to get notified realtime by email when infected items is detected ?



  • 4.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Jul 26, 2013 05:17 AM

    Check this article

    Creating notifications in the Symantec Endpoint Protection Manager



  • 5.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Jul 26, 2013 05:17 AM

    You need to use specific notification conditions - have a look here:

    About the preconfigured notifications

    Article:HOWTO55128  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55128

    ...of particular interest in this case would be:

    New risk detected

    This notification triggers whenever a new risk is detected by virus and spyware scans.

    Risk outbreak

    This notification alerts administrators about security risk outbreaks. You set the number and type of occurrences of new risks and the time period within which they must occur to trigger the notification. Types of occurrences include occurrences on any computer, occurrences on a single computer, or occurrences on distinct computers.

    This notification condition is enabled by default

    Single risk event

    This notification triggers upon the detection of a single risk event and provides details about the risk. The details include the user and the computer involved, and the actions taken by the management server.



  • 6.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Jul 26, 2013 06:34 AM

    Agree with the above postings.

    However, keep in mind that SEPM is only able to trigger a notification/e-mail if it has received the client logs with the virus incident. Client logs are always sent in the heartbeat interval, so depending on your heartbeat interval it may take several minutes (or in extreme cases even hours) until the SEPM gets the virus alert message and can trigger the notification/e-mail.

    There are a lot of parameters to calibrate the heartbeat interval. To get quick notifications is one of them.



  • 7.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Jul 29, 2013 02:13 AM

    Hi,

    Email Server configurations

    Option: Description

    • Server Address: IP address, host name, or domain name of the email server.
    • Port Number: Port number for the email server that sends the notifications.
    • Sender email address: Specify the email address from which notifications should be sent. If this text box is left blank, SEPM_Server@computer name sends the notifications.
    • User name: User name of the account on the email server.
    • Password: Password of the account on the mail server. This field is mandatory if the email server requires authentication.
    • Require the server to use a secure connection (SSL): Check this box if your email server requires a secure connection.

    Then you can log on to SEPM → Monitor Tab → Notifications → Notification conditions

    Add a new condition and e-mail address.

    # Note: in case of Pull communication you may not get real-time notifications (depends upon the heartbeat interval)

    Regards

    Ajin



  • 8.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Jul 30, 2013 04:30 AM

    Cool,

    Let me test it first guys.

    Thanks for the suggestion !



  • 9.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Jul 30, 2013 08:41 AM
    try this, http://www.symantec.com/business/support/index?page=content&id=HOWTO55128


  • 10.  RE: How to get notified realtime by email when infected items is detected ?

    Posted Aug 02, 2013 02:35 AM

    Hi

    Please refer to the article below

    http://www.symantec.com/docs/HOWTO55128

    Regards