
Detected by AV or AS Component - can you alert and report ?

Hi,

Is it possible to distinguish and notify on malware detection based on whether it was detected by the AV or AS component?

Can't see anything obvious under the categories and products available for notification rule and message creation.

I.e. report/notify viruses vs. spyware detection based on whether it was detected by the Antivirus or the Antispyware "product/component".

Thanks,

Jim
3 Replies
epo909

RE: Detected by AV or AS Component - can you alert and report ?

Hello.

I think this may help:

Create a new query based on events, go through all the configs, and when you reach the filter tab, insert a Threat Type filter and pick app_adware (you can try other types too).

Depending on the environment, you may see lots of cookie* and joke* type malware.

Regards
RD

RE: Detected by AV or AS Component - can you alert and report ?

I think selecting "VirusScan" as the product and "Unwanted program detected....." options for category should be pretty close to AS events.

RE: Detected by AV or AS Component - can you alert and report ?

Thanks for that suggestion - I'll have a look at that :)

It's ePO 3.5/3.6 at the moment, BTW.

Jim