Endpoint Protection

  • 1.  Notification Emails Do not provide correct User name

    Posted Jan 14, 2011 11:08 AM

    Here is the situation:

    I am managing SEP for a huge company in North America. When a virus is detected I would like to have Symantec Endpoint Protection send a specially formatted email to our ticketing system so the infections can be investigated.

    I have figured out how to take the information passed by Symantec and parse it so that I can send the email that I like. (You can do this because Symantec passes a variable that contains all the info that appears in the ticket to the bat file that you select.)

    The issue I am having is that the notification uses the term User and then about 50 percent of the time says that the user is System. However, if you look in the SEPM console, it knows the logon username.

    This creates an issue for our ticket system and means that someone has to search out the username for each of these machines to assign the ticket to the correct branch office.

    My question is this: What is the variable User? I can't find a field called "User" when I search through the clients. I would prefer that the email supplied the login username, but that data does not seem to be pulled for these notifications. Is there any way to get this data?

    My Suggestion for future versions would be the following:

    Allow SEPM admins to format their own emails with a supplied list of variables. Most modern IT ticket systems can enter tickets based on specifically formatted emails, and Symantec should provide a way to send these emails from within the console.



  • 2.  RE: Notification Emails Do not provide correct User name

    Posted Jan 14, 2011 11:45 AM

    You can put this under the IDEA section of the community.



  • 3.  RE: Notification Emails Do not provide correct User name

    Posted Jan 14, 2011 12:02 PM

    Do you mean you need to get the administrator's name instead of SYSTEM in the From address?

    https://www-secure.symantec.com/connect/blogs/configuring-address-sepm



  • 4.  RE: Notification Emails Do not provide correct User name

    Posted Jan 14, 2011 02:04 PM

    No, that's not actually what I mean. What I mean is that when the notification email arrives it looks like this:

     

    Risk name: W32.Looked.BK
    File path: F:\Data\stlouis\HOGGD\GroupWise\GWSync.exe
    Event time: 2011-01-14 16:20:09 GMT
    Database insert time: 2011-01-14 18:04:51 GMT
    User: SYSTEM
    Computer: domainComputer
    IP Address: 10.x.xxx.xxx
     
    but the User variable will often be SYSTEM rather than the logon username.
     
    I would submit this to the IDEA section but I also have a question on what this User variable refers to and whether there is a way to get the email notification system to send the Logon Username in its place.
     
    Thanks
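A parser for the notification layout quoted in the post above, added here as an example; it is not code from the thread or from Symantec. The sample records, the `NEEDS-LOOKUP` marker, the mail addresses, the ticket subject format and the list of service accounts are all assumptions.

```python
from datetime import datetime, timezone
from email.message import EmailMessage

# Constructed sample in the layout quoted in the thread; all values are made up.
SAMPLE = """\
Risk name: Example.Risk.A
File path: C:\\Data\\branch1\\tool.exe
Event time: 2011-01-14 16:20:09 GMT
Database insert time: 2011-01-14 18:04:51 GMT
User: SYSTEM
Computer: BRANCH1-PC07
IP Address: 192.0.2.15

Risk name: Example.Risk.B
File path: D:\\Users\\jdoe\\setup.exe
Event time: 2011-01-14 16:25:40 GMT
Database insert time: 2011-01-14 18:04:52 GMT
User: jdoe
Computer: BRANCH2-PC11
IP Address: 192.0.2.48
"""

FIELDS = {"Risk name", "File path", "Event time", "Database insert time",
          "User", "Computer", "IP Address"}
# Accounts that scans and services run under, never a person (list is an assumption).
SERVICE_ACCOUNTS = {"", "system", "local service", "network service"}

def parse_notification(body):
    """Return one dict per detection; a new 'Risk name' line starts a record."""
    records = []
    for line in body.splitlines():
        key, sep, value = line.strip().partition(": ")  # drive-letter colons survive
        if not sep or key not in FIELDS:
            continue  # skip blank lines and anything that is not a known field
        if key == "Risk name" or not records:
            records.append({})
        records[-1][key] = value.strip()
    return records

def build_ticket(rec, sender="sepm@example.invalid", queue="tickets@example.invalid"):
    """Build the ticket e-mail; the owner is flagged when User is a service account."""
    user = rec.get("User", "")
    owner = "NEEDS-LOOKUP" if user.lower() in SERVICE_ACCOUNTS else user
    seen = datetime.strptime(rec["Event time"], "%Y-%m-%d %H:%M:%S GMT").replace(tzinfo=timezone.utc)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, queue
    msg["Subject"] = f"[SEP] {rec['Risk name']} on {rec['Computer']} owner={owner}"
    msg.set_content("\n".join(f"{k}: {v}" for k, v in rec.items())
                    + f"\nOwner: {owner}\nEventUTC: {seen.isoformat()}\n")
    return msg
```

Tickets flagged `NEEDS-LOOKUP` still carry the Computer and IP Address fields, so they can be routed by machine while the logon user is looked up in the SEPM console.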


  • 5.  RE: Notification Emails Do not provide correct User name

    Posted Jan 19, 2011 01:12 PM

    Would anyone care to provide information?



  • 6.  RE: Notification Emails Do not provide correct User name

    Posted Jan 19, 2011 02:31 PM

    When scheduled scans run, they run under the SYSTEM account; that's the reason why the user variable is set to SYSTEM.

    If you have created any user-defined scan, like opening the SEP console and setting a full scan, and any virus is detected and a notification is sent, then you would see the user variable.

    The email notification is set from SEPM for your admin-defined scans, hence it's SYSTEM.

    Please let me know if you have any questions.

    Sorry for getting late on this... :)



  • 7.  RE: Notification Emails Do not provide correct User name

    Posted Jan 20, 2011 10:25 AM

    Is there any way for this to be altered in the console? Providing the username would be much more useful.



  • 8.  RE: Notification Emails Do not provide correct User name

    Posted Jan 20, 2011 10:34 AM

    No way, because it's not the user who is running the scan :)

    When you pull the report, it will give you the logged-in user, scan start, end time, etc. It's only the user logged in at that particular time.

    If you want to alter it, remove the admin scan and create user-defined scans on all the machines, which is very hectic :)



  • 9.  RE: Notification Emails Do not provide correct User name

    Posted Jan 20, 2011 02:03 PM

    I appreciate the information, but the thread is not solved, as SEPM should be able to send useful data to the admin.



  • 10.  RE: Notification Emails Do not provide correct User name

    Posted Jan 20, 2011 02:09 PM

    As of now this feature is not available :(

    You can post an idea under the Ideas section; with more votes, features will be considered during development. First vote will be mine :)