Menu -> Automation -> Automatic Responses
Step through the response builder wizard and configure the filter and aggregation screen something like the example below, but obviously altering it to the virus/virus type/malware/PUP/event that you want to detect.
It's the aggregation section and selecting the distinct agent GUID option that will trigger the response when a certain number is reached.
Based on Tristan's example I've set up a similar alert that includes trojans, rootkits, and spyware. It also excludes certain threat names like "none" and those which contain the word "prevent". I know that "none" shows in my ePO reports when PCs start their scheduled scans and that there are a few different "prevent" threat names, most commonly one that is a deny terminate action. This way it will report any threat name, but not the ones that I feel are not a true threat.
Thanks Tristan, sbenedix and ittech for the answer.
I've tried these options but I can't find the way to create the alert when the threat is the same. I mean, it has to be the same virus, trojan, rootkit....
By doing that, I can create an alert when a threat is found in different clients, but it could be different. I don't know if I expressed myself properly or if I'm wrong with how I understood your advice.
Message was edited by: dnf on 3/09/12 9:03:49 CDT
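The difference discussed in this thread, as an added example that is not from any poster and is not ePO code: counting distinct agent GUIDs across all matching events versus counting them per threat name. The event fields, sample values and function names are assumptions, and the filter mirrors the one described above (trojans, rootkits and spyware, excluding "none" and names containing "prevent").

```python
from collections import defaultdict

# Constructed sample events: (agent_guid, threat_type, threat_name)
EVENTS = [
    ("guid-a", "trojan", "Generic.tr"),
    ("guid-b", "trojan", "Generic.tr"),
    ("guid-b", "trojan", "Generic.tr"),          # repeat detection on the same client
    ("guid-c", "spyware", "Spy-X"),
    ("guid-d", "rootkit", "Root-Y"),
    ("guid-e", "trojan", "none"),                # scheduled-scan noise, excluded
    ("guid-f", "trojan", "Prevent termination"), # "prevent" rule hit, excluded
    ("guid-c", "trojan", "Generic.tr"),
]

WATCHED_TYPES = {"trojan", "rootkit", "spyware"}


def is_relevant(threat_type, threat_name):
    """Filter stage: watched types only, minus the excluded threat names."""
    name = threat_name.lower()
    return threat_type in WATCHED_TYPES and name != "none" and "prevent" not in name


def distinct_agents_overall(events):
    """Distinct agent GUIDs across all matching events, whatever the threat."""
    return len({guid for guid, ttype, name in events if is_relevant(ttype, name)})


def distinct_agents_per_threat(events):
    """Distinct agent GUIDs counted separately for each threat name."""
    agents = defaultdict(set)
    for guid, ttype, name in events:
        if is_relevant(ttype, name):
            agents[name].add(guid)
    return {name: len(guids) for name, guids in agents.items()}


def threats_over_threshold(events, threshold):
    """Threat names seen on at least `threshold` distinct clients."""
    counts = distinct_agents_per_threat(events)
    return sorted(name for name, count in counts.items() if count >= threshold)


if __name__ == "__main__":
    print("overall distinct agents:", distinct_agents_overall(EVENTS))
    print("per threat:", distinct_agents_per_threat(EVENTS))
    print("same threat on >= 3 clients:", threats_over_threshold(EVENTS, 3))
```

With a threshold of 4 the overall count would fire on this sample while no single threat name reaches it, which is the mismatch dnf describes.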