astur1980
Level 7
Message 1 of 11

How to receive alerts when bypass/uninstall codes are generated

Hi all,

How could I receive emails every time either a SLP bypass or uninstall code is generated?

Thanks a lot

10 Replies
bphang
Level 10
Message 2 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

I believe real-time alerting will not be possible using ePO's built-in features.

Best bet is to use a SIEM solution.

Please cmiiw.

palex
Level 11
Message 3 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

Hi, astur1980!

I'm not aware of such a capability in ePO. Why are you so interested in this issue? A DLP bypass key can be generated only by the administrator, not by the user. However, I do not like this function: for the duration of the bypass, DLP does not control the employee. It is very dangerous. I'm testing another option: make 2 identical policies: 1 - block, 2 - monitor. Then, at the user's request, switch from mode 1 to mode 2.

Kind regards.

astur1980
Level 7
Message 4 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

Thanks guys.

Sometimes our helpdesk guys need to generate a temporary bypass, and I would like to get an alert/message when this happens, in order to be sure that bypass codes are always generated for business reasons.

I can't believe there is not a way to do it, even making a query and sending it by email or something like that.

Thanks anyway

bphang
Level 10
Message 5 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

Are you looking to generate the alert in real time or periodically?

Periodically is indeed possible.

Create a query for the ePO audit log and set "generate ..." as the filter.

Set a server task to email you on a daily basis and you are set.

satz
Level 7
Message 6 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

Hi,

If I'm not wrong, you can use the Automatic Response feature available on the ePO server.

>> Create a new response in Automatic response page.

>> Select Event group: ePO notification events

Event type: Client

>> Under the "Filter" column, add the event IDs below with the logical "AND" function (add only the IDs).

19102: Agent Enters Bypass Mode (Info)

19103: Agent Leaves Bypass Mode (Info)

19131: Agent Uninstall Key Generated (Info)

>> Proceed to further configurations to trigger the response and to get the email notification. (The above scenario is untested; you can test it in your lab environment.)

Note:

An email server needs to be configured on the ePO server to get the email notification.

Once ePO receives events from the client machine, it will trigger an email. (This setting is not applicable for offline machines.)

For more info, please refer to the ePO product guide, under the Automatic Response section.
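
Added example (not part of any post in this thread, and not McAfee code): a periodic digest in the spirit of the daily-email suggestion in Message 5, using the three event IDs listed in Message 6. It pairs bypass enter/leave events per host so that long or still-open bypass sessions stand out. The CSV column names, hostnames, users, timestamps and e-mail addresses are constructed assumptions, not an ePO export schema.

```python
import csv, io
from datetime import datetime
from email.message import EmailMessage

# Event IDs quoted in Message 6 of the thread
ENTER_BYPASS, LEAVE_BYPASS, UNINSTALL_KEY = 19102, 19103, 19131

# Constructed sample export; columns and values are assumptions.
# Event ID 1092 is a constructed unrelated event that must be ignored.
SAMPLE_CSV = """time,host,user,event_id
2024-05-02T09:00:00,PC-014,jdoe,19102
2024-05-02T09:30:00,PC-014,jdoe,19103
2024-05-02T10:05:00,PC-022,asmith,1092
2024-05-02T11:15:00,PC-031,mlee,19131
2024-05-02T16:40:00,PC-007,kwong,19102
"""

def summarize(csv_text):
    """Return (closed_sessions, still_in_bypass, uninstall_key_events)."""
    open_since, closed, uninstall = {}, [], []
    rows = sorted(csv.DictReader(io.StringIO(csv_text)), key=lambda r: r["time"])
    for r in rows:
        eid, host = int(r["event_id"]), r["host"]
        ts = datetime.fromisoformat(r["time"])
        if eid == ENTER_BYPASS:
            # Keep the earliest unmatched "enter" for each host
            open_since.setdefault(host, (ts, r["user"]))
        elif eid == LEAVE_BYPASS and host in open_since:
            start, user = open_since.pop(host)
            closed.append((host, user, int((ts - start).total_seconds() // 60)))
        elif eid == UNINSTALL_KEY:
            uninstall.append((host, r["user"], ts))
    still_open = [(h, u, s) for h, (s, u) in sorted(open_since.items())]
    return closed, still_open, uninstall

def build_digest(csv_text, sender, recipient):
    """Build the e-mail; sending it (e.g. via smtplib) is left to the caller."""
    closed, still_open, uninstall = summarize(csv_text)
    lines = [f"{h} ({u}): bypass for {m} min" for h, u, m in closed]
    lines += [f"{h} ({u}): STILL in bypass since {s}" for h, u, s in still_open]
    lines += [f"{h} ({u}): uninstall key event at {t}" for h, u, t in uninstall]
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"DLP bypass/uninstall digest: {len(lines)} item(s)"
    msg.set_content("\n".join(lines) or "No bypass or uninstall events.")
    return msg

if __name__ == "__main__":
    print(build_digest(SAMPLE_CSV, "epo@example.com", "secops@example.com"))
```

Because these are client events, the digest only reflects what agents have already reported to the server.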

bphang
Level 10
Message 7 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

That is to send an alert when the agent goes into the mentioned mode [== when the key is used].

It does not necessarily indicate when the key itself is generated.

satz
Level 7
Message 8 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

You can test it with those event IDs.

Thanks

bphang
Level 10
Message 9 of 11

Re: How to receive alerts when bypass/uninstall codes are generated

We did

Re: How to receive alerts when bypass/uninstall codes are generated

Did this work?
