cancel
Showing results for 
Search instead for 
Did you mean: 

Notifications

I have notification rules setup to email me when either an unwanted program or a virus is detected but not removed. I have been getting emails but its listing the threat that its finding as "Full Scan". The clients are set to scan on a nightly basis but I wouln't expect that to trip the event trigger. Here are the types of emails I am getting:

XP123ePolicy Orchestrator Notification Rule: Unwanted Program detected and not removed
Rule Defined At: Directory
Description: Notifications sends an e-mail message when "Unwanted Program Detected and Not Removed" events are received.

Number of events: 1
Source computer IP addresses: Not Available
Actual threat names: Full Scan
Actual products: VirusScan
Affected Computer: XP123
Affected objects: Not Available

For additional information, see the Notification Log in the ePolicy Orchestrator console.

and

ePolicy Orchestrator Notification Rule: Virus detected and not removed
Rule Defined At: Directory
Description: Notifications sends an e-mail message when "Virus Detected and Not Removed" events are received.

Number of events: 1
Source computer IP addresses: Not Available
Actual threat names: Full Scan
Actual products: VirusScan
Affected Computer: X123
Actual Threat: Full Scan

For additional information, see the Notification Log in the ePolicy Orchestrator console.

Now when I get an email regarding PC X I will get both a notice about an unwanted program and one about a virus. Is McAfee actually finding viruses/unwated programs or is some sort of false positive? The Server is EPO 4.0 with SP3 and running on 32bit Server 2003 with SP2.

Thanks!
1 Reply
tonyb99
Level 13
Report Inappropriate Content
Message 2 of 2

RE: Notifications

if you check the scan logs on the machine in question do they show for instance an encrypted file that VSE cannot scan so has flagged as a possible virus or a time out on a file. IF so you can filter these events out.