jrp78
Level 10
Message 1 of 3

Automatic Response Email notification isn't working correctly ??

I don't understand why I keep getting responses for events labeled as "information" when I've told the filters to exclude them.

See the screenshots and notice I am telling the filter to show all events with event description "access protection rule violation detected and blocked" but to exclude one particular host and ignore all severity events that are labeled as "information". Yet, I'm still getting emails for information events.

epo2.png

epo3.png

epo1.png

1 Solution

Accepted Solutions
jrp78
Level 10
Message 3 of 3

Re: Automatic Response Email notification isn't working correctly ??

Never got it to work exactly like I wanted. Support said something along the lines of it won't work with too many filters. I was able to make it with just two filters which is "OK" for now.

2 Replies
McAfee Employee cdinet
McAfee Employee
Message 2 of 3

Re: Automatic Response Email notification isn't working correctly ??

It would be helpful to see the log entries for when epo is evaluating the response.  Follow KB52369 to locate the log-config.xml file and do not change the normal logging to debug, but instead add the following logger after the last logger in the file.

<logger name="com.mcafee.epo.notifications">
    <level value="debug"/>
</logger>

You don't need to restart services, just wait a few minutes for that to take effect. The next time you get a notification, post the orion log for that time frame for us to review.
