cancel
Showing results for 
Search instead for 
Did you mean: 

Email Notification

Hi All,

we are seeing email notification for "EICAR test file" So, I checked Email notification settings and it shows  the filter is set 

Contains   "EICAR test file". Is it important to have it filtered  Contain or not contain? 

If the file is deleted why are we seeing the same alert every three hours?

Also, the user is root, I wasn't able to check if anyone is testing to confirm the legitimatcy  of EICAR testing.

1 Reply
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Email Notification

I would look at what system or systems is generating that alert.  Alert settings are your choice for how they are set up and what you want alerted on, so if you don't want to see those, you can disable it.  Most people use that for testing the alerting, then turn it off. 

If nobody is doing any testing, see if that system generating the alert has a policy setting to deny access to the file - in that case, it might not get deleted and might still trigger a detection.  Get with the VSE or ENS team for any assistance with that.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support
  • The McAfee ePO Support Center Plug-in is now available in the Software Manager. Follow the instructions in the Product Guide for more.