The VSE On Access General Policy allows you to put a custom message, when a detection occurs.
Historically, we had a quite alarming message, to try to get the message across to users - something like "VIRUS ALERT! A virus was detected, please review... blah blah".
Since deploying patch 4, there have been more BO alerts (let's not discuss that here) and so the message has not been appropriate - it wasn't considered that this message was seen for all types of alerts.
We have now changed the message to be more "generic".
However, what message do YOU use? How do you best get the user to decide what action should be taken (clean/delete/no action/contact support)?
I've seen messages that steer people toward calling helpdesk, or even individuals.
I've seen messages that say something like "Don't move, we're coming to you - if we're not there in 5 minutes continue with other work but leave this message alone".
In most cases that I recall, there's no message provided for the User, it's suppressed. If you're getting an On Access Scanner detection, it means there is malware we know about - and it means we've denied access to the file; whether the action taken by us results in "cleaned" or "deleted" or "Clean failed/Delete failed", there was a "denied access" that occurred first. So you can be confident that particular threat is not active - but, it could be a clue that some other malware we _don't_ know about just tried to drop malware we _do_ know about.
I suspect that's why I've seen messages like the 2nd example. Detection notifications are worth following up on; it seems like a question of Data Information Security vs. the cost to maintain the desired level of confidence in that security.
I would say much more on this about what I'd really like to have happen if I had a say in educating Users about information security, but that's off topic.
sorry for my english
we have decided for our domains (9000 WKS 1200 SRV) to never display a message for a OAS action. it's denied and it's ok like that. We are following each alert from the epo in real time and we will act if necessary. Displaying a message for OAS is a time consuming process for everyone as the user panics, then call the helpdesk etc.....
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center