cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOSITCS
Level 9
Report Inappropriate Content
Message 1 of 6
‎11-19-2009 07:21 AM

EPO 4.0 Notification Rules

Jump to solution

Can somepne point me to some good documentation (Best Practices) for setting up notification rules?  I have been trying to create rules that will notifiy us if a system is infected and cannot be cleaned or if a virus is removed but continues to infect the system.  It's getting frustrating to have our end-users call us to report that there computer is infected.  When we investigate the issue we discover that the system is infected but EPO never sent a notification.  Here is a view of one of my rules:

Name:Virus detected and not removed
Notes:Notifications sends an e-mail message when "Virus Detected and Not Removed" events are received
Defined at:My Organization
Priority:High
Status:Enabled
Operating systems:Workstation
Server
Products:ePO Server
GroupShield Exchange
McAfee Agent
VirusScan
Categories:Virus detected and NOT removed
Threat name:(Any)
Aggregation:Send a notification if multiple events occur within 20 minutes
When the number of affected systems is at least 10
When the number of events is at least 25
Throttling:At most, send a notification every 1 hours
Notifications:Email:


Does this look right to you?  BTW, I do have our IT staff listed in the EMail section of the notification.

Thanks,

Ron

0 Kudos
Reply
1 Solution

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 6
‎11-19-2009 07:40 AM

Re: EPO 4.0 Notification Rules

Jump to solution

I've moved this to our ePO area. The URL did not change.

View solution in original post

0 Kudos
Reply
5 Replies
Former Member
Not applicable
Report Inappropriate Content
Message 2 of 6
‎11-19-2009 07:40 AM

Re: EPO 4.0 Notification Rules

Jump to solution

I've moved this to our ePO area. The URL did not change.

0 Kudos
Reply
JoeBidgood
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6
‎11-19-2009 07:45 AM

Re: EPO 4.0 Notification Rules

Jump to solution

At first glance, those aggregation and throttling criteria are going to slow down your alerts.I would remove those to start with so that you get a notification for each detection. If after that you find that you're getting flooded you can introduce them again.

Regards -

Joe

0 Kudos
Reply
SOSITCS
Level 9
Report Inappropriate Content
Message 4 of 6
‎11-19-2009 07:50 AM

Re: EPO 4.0 Notification Rules

Jump to solution

Joe,

Thanks for the input.  I will follow your advice and tweak the aggregation and throttling criteria.

Ron

0 Kudos
Reply
SOSITCS
Level 9
Report Inappropriate Content
Message 5 of 6
‎11-19-2009 08:23 AM

Re: EPO 4.0 Notification Rules

Jump to solution

I made the following changes.  Now I'll just sit back and seee what happens.

Aggregation:Send a notification if multiple events occur within 10 minutes
When the number of affected systems is at least 1
When the number of events is at least 5
Throttling:At most, send a notification every 10 minutes

0 Kudos
Reply
JoeBidgood
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6
‎11-19-2009 08:27 AM

Re: EPO 4.0 Notification Rules

Jump to solution

I'd possibly go even further - under aggregation, select "Trigger this response for every event" and make sure the throttling checkbox is not selected...

Regards -

Joe

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC