Hi All,
We are seeing email notifications for "EICAR test file". So, I checked the email notification settings and it shows the filter is set to
Contains "EICAR test file". Is it important to have it filtered as Contains or Does not contain?
If the file is deleted, why are we seeing the same alert every three hours?
Also, the user is root, and I wasn't able to check if anyone is testing to confirm the legitimacy of the EICAR testing.
I would look at what system or systems are generating that alert. Alert settings are your choice for how they are set up and what you want alerted on, so if you don't want to see those, you can disable it. Most people use that for testing the alerting, then turn it off.
If nobody is doing any testing, see if that system generating the alert has a policy setting to deny access to the file - in that case, it might not get deleted and might still trigger a detection. Get with the VSE or ENS team for any assistance with that.