I plan to set up an automated job to test antivirus by dropping the EICAR test file on my file servers.
What I would like to have, is an automated E-mail when the EICAR test string has not been detected in the previous 24 hours.
Can this be done within ePO? (I'm currently on 4.6.6, but plan to upgrade soon, so a solution using later versions would still be useful.)
I do see how to set an automatic response, and I can set one up for when the threat name equals EICAR test file.
I can create a query showing how many EICAR test file detections occurred in the last X days.
Can I set up a server task to send an E-mail if the query returns zero records? If so, how?
Moved provisionally to ePO for better support.
Here is an educational video I put together for you that shows the nuts and bolts of how to do it.
I hope that answers your question.
Thank you for the response.
As stated in the original post, I already understand how to create an automatic response when the EICAR file is detected.
What I want is a notification when the EICAR file is NOT detected.
I want to automate the EICAR test, and I only want to be notified when the test fails. I can test antivirus much more effectively if I automate it.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC