dnf
Level 10

Alerting of virus

Hi community,

I need to receive an alert when a certain number of different computers have the same virus. Is there a way to do that from the console?

Thanks

0 Kudos
5 Replies
dnf
Level 10

Re: Alerting of virus

Does anybody have an idea? I can't think of a way of doing it...

0 Kudos
sbenedix
Level 10

Re: Alerting of virus

That should be doable from within the ePO console; email alerts can be configured, aggregated and so on. Maybe this would do the trick?

0 Kudos
Tristan
Level 15

Re: Alerting of virus

Menu -> Automation -> Automatic Responses

Step through the response builder wizard and configure the filter and aggregation screen something like the example below but obviously altering it to the virus/virus type/malware/pup/event that you want to detect.

It's the aggregation section and selecting the distinct agent GUID option that will trigger the response when a certain number is reached.

alert.jpg

0 Kudos
ittech
Level 13

Re: Alerting of virus

Based on Tristan's example I've set up a similar alert that includes trojans, rootkits, and spyware. It also excludes certain threat names like "none" and those which contain the word "prevent". I know that "none" shows in my ePO reports when PCs start their scheduled scans and that there are a few different "prevent" threat names, most commonly one that is a deny terminate action. This way it will report any threat name, but not the ones that I feel are not a true threat.

Capture.PNG

0 Kudos
dnf
Level 10

Re: Alerting of virus

Thanks Tristan, sbenedix and ittech for the answer.

I've tried these options but I can't find a way to create the alert when the threat is the same. I mean, it has to be the same virus, trojan, rootkit...

By doing that, I can create an alert when a threat is found in different clients, but it could be different. I don't know if I expressed myself properly or if I'm wrong with how I understood your advice.

Message was edited by: dnf on 3/09/12 9:03:49 CDT
0 Kudos
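
The requirement discussed in this thread (alert only when the same threat name appears on a given number of distinct agents, with the "none" and "prevent" exclusions ittech describes) can be expressed as the following added example. It is not part of the original thread and is not ePO's own implementation; it assumes events have been exported as records, and the field names, threshold, time window and sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real ePO output); field names are hypothetical.
EVENTS = [
    {"time": "2012-09-03 08:00", "agent_guid": "A1", "threat_name": "Generic.Trojan.x"},
    {"time": "2012-09-03 08:05", "agent_guid": "A1", "threat_name": "Generic.Trojan.x"},
    {"time": "2012-09-03 08:10", "agent_guid": "A2", "threat_name": "Generic.Trojan.x"},
    {"time": "2012-09-03 08:20", "agent_guid": "A3", "threat_name": "Other.Rootkit.y"},
    {"time": "2012-09-03 08:30", "agent_guid": "A4", "threat_name": "none"},
    {"time": "2012-09-03 08:31", "agent_guid": "A5", "threat_name": "none"},
    {"time": "2012-09-03 08:32", "agent_guid": "A6", "threat_name": "none"},
    {"time": "2012-09-03 08:40", "agent_guid": "A3", "threat_name": "Generic.Trojan.x"},
    {"time": "2012-09-03 08:45", "agent_guid": "A7", "threat_name": "Sample rule: prevent terminate"},
    {"time": "2012-09-03 11:00", "agent_guid": "A8", "threat_name": "Other.Rootkit.y"},
]

def is_excluded(name):
    """Exclusions from the thread: 'none' and any name containing 'prevent'."""
    n = name.strip().lower()
    return n == "none" or "prevent" in n

def same_threat_alerts(events, threshold=3, window=timedelta(hours=1)):
    """Return {threat_name: sorted agent GUIDs} for every threat seen on at
    least `threshold` distinct agents inside one sliding `window`."""
    by_threat = defaultdict(list)
    for e in events:
        if not is_excluded(e["threat_name"]):
            ts = datetime.strptime(e["time"], "%Y-%m-%d %H:%M")
            by_threat[e["threat_name"]].append((ts, e["agent_guid"]))

    alerts = {}
    for threat, hits in by_threat.items():  # grouping by name = "same threat"
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            # Count distinct agents, so repeat detections on one PC count once.
            agents = {guid for _, guid in hits[start:end + 1]}
            if len(agents) >= threshold:
                alerts[threat] = sorted(agents)
                break
    return alerts

if __name__ == "__main__":
    print(same_threat_alerts(EVENTS))
```

Grouping by threat name before counting distinct agents is what separates "three PCs with the same trojan" from "three PCs with three unrelated detections".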