We are wanting to know if it is possible to get email alerts from EPO when say a virus/user has disabled the On-Access Scanner and that it did not get re-enabled?
In our environment, we allow the user to temporarily disable the OAS for 30 minutes until the EPO policy re-enables it. We are aware that a lot of viruses/trojans will run scripts to disable the OAS. We want to get alerts from EPO to get notified when this occurs.
We do currently get "notification" alerts from EPO about when systems get a virus.
RE: Way to be alerted about when the OAS is disabled
Well, I think I found my answer on the McAfee knowledgebase. Acticle KB41896
It states that you can't get alerted when a user manually disables the OAS. The "On-Access Scanner is disabled" selection under the notification rules is for a malfunction/threat. That explains why it did not send an alert when I manually disabled the OAS on a test workstation.
Not too sure how to test a malfunction/threat to see if it will send the alert.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.