dnf
Level 10
Message 1 of 6

Alerting of virus

Hi community,

I need to receive an alert when a certain number of different computers have the same virus. Is there a way to do that from the console?

Thanks

5 Replies
dnf
Level 10
Message 2 of 6

Re: Alerting of virus

Does anybody have an idea? I can't think of a way of doing it...

Re: Alerting of virus

That should be doable from within the ePO console. Email alerts can be configured aggregated and so on; maybe this would do the trick?

Tristan
Level 15
Message 4 of 6

Re: Alerting of virus

Menu -> Automation -> Automatic Responses

Step through the response builder wizard and configure the filter and aggregation screen something like the example below but obviously altering it to the virus/virus type/malware/pup/event that you want to detect.

It's the aggregation section and selecting the distinct agent GUID option that will trigger the response when a certain number is reached.

alert.jpg

ittech
Level 13
Message 5 of 6

Re: Alerting of virus

Based on Tristan's example I've set up a similar alert that includes trojans, rootkits, and spyware. It also excludes certain threat names like "none" and those which contain the word "prevent". I know that "none" shows in my ePO reports when PCs start their scheduled scans and that there are a few different "prevent" threat names, most commonly one that is a deny terminate action. This way it will report any threat name, but not the ones that I feel are not a true threat.

Capture.PNG

dnf
Level 10
Message 6 of 6

Re: Alerting of virus

Thanks Tristan, sbenedix and ittech for the answer.

I've tried these options but I can't find a way to create the alert when the threat is the same. I mean, it has to be the same virus, trojan, rootkit...

By doing that, I can create an alert when a threat is found in different clients, but it could be different. I don't know if I expressed myself properly or if I'm wrong in how I understood your advice.

Message was edited by: dnf on 3/09/12 9:03:49 CDT
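
The logic this thread is circling around (count distinct agent GUIDs per threat name inside a time window, ignoring "none" and names containing "prevent"), written as a standalone added example; it is not from any poster and is not how ePO implements Automatic Responses. The field names, threat names and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def is_noise(threat_name):
    """Exclusions described by ittech: exactly "none", or containing "prevent"."""
    name = threat_name.strip().lower()
    return name == "none" or "prevent" in name

def same_threat_alerts(events, threshold, window):
    """Return {threat_name: sorted agent GUIDs} for each threat seen on at
    least `threshold` distinct agents within one sliding `window`."""
    by_threat = defaultdict(list)
    for ev in events:
        if not is_noise(ev["threat_name"]):
            by_threat[ev["threat_name"].strip().lower()].append(
                (ev["detected"], ev["agent_guid"]))
    alerts = {}
    for threat, hits in by_threat.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Drop detections that fell out of the window on the left.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            agents = {guid for _, guid in hits[start:end + 1]}
            if len(agents) >= threshold:  # repeats on one agent count once
                alerts[threat] = sorted(agents)
                break
    return alerts

# Constructed sample events; keys are hypothetical, not an ePO schema.
T0 = datetime(2012, 9, 3, 9, 0)
SAMPLE_EVENTS = [
    {"agent_guid": "A1", "threat_name": "Sample-Trojan.a", "detected": T0},
    {"agent_guid": "A2", "threat_name": "Sample-Trojan.a", "detected": T0 + timedelta(minutes=5)},
    {"agent_guid": "A2", "threat_name": "Sample-Trojan.a", "detected": T0 + timedelta(minutes=6)},
    {"agent_guid": "A3", "threat_name": "Sample-Trojan.a", "detected": T0 + timedelta(minutes=20)},
    {"agent_guid": "A4", "threat_name": "Sample-Rootkit.b", "detected": T0 + timedelta(minutes=7)},
    {"agent_guid": "A5", "threat_name": "none", "detected": T0},
    {"agent_guid": "A6", "threat_name": "none", "detected": T0},
    {"agent_guid": "A7", "threat_name": "none", "detected": T0},
    {"agent_guid": "A1", "threat_name": "Prevent termination", "detected": T0},
]

if __name__ == "__main__":
    found = same_threat_alerts(SAMPLE_EVENTS, 3, timedelta(hours=1))
    for threat, agents in found.items():
        print(f"ALERT: {threat} on {len(agents)} agents: {', '.join(agents)}")
```

Grouping by threat name before counting distinct agents is what separates "the same virus on N computers" from "any threat on N computers".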