jtighe
Level 7
Message 1 of 4

Virus Detection alerts in EPO 4.5

Threat Type : None
Severity : Critical
Action Taken : none
User : useruser
Machine Name : egmachine
Virus Name : none

I have an automatic response configured to email me whenever a threat is detected by VSE 8.5 and the threat severity is either critical or emergency. Above is the body of an email I have since received several times. The machine name and username are different for different detections. Whenever I then scan the machine the threat is detected on, the only thing that shows up is cookies, if anything. What I am wondering is why threat type and virus name are 'none'? Also, is there a better way of configuring an automatic response to email me when a machine is infected with a serious threat (i.e. not just a cookie or a warning about a rule violation)?

Any assistance or advice greatly appreciated.

Currently running EPO 4.5, VSE 8.5 + antispyware, agent 4.0.

3 Replies

Re: Virus Detection alerts in EPO 4.5

Personally I would disable the cookie detection notifications in the VSE policies first, as this will get rid of the possibly unwanted nagging about cookies. Also, these cookie detections will fill up an ePO database quickly. Once this is done, your current configuration should work just fine.

jtighe
Level 7
Message 3 of 4

Re: Virus Detection alerts in EPO 4.5

Not sure how to disable the cookie detection notifications, would be happy to do so.

Is it Policy Catalog - Product: VSE 8.5, Category: Alert policies - Alert Manager Options: Disable Alerting? Worried that this will disable alerting for more serious threats rather than just cookies.

dvo
Level 9
Message 4 of 4

Re: Virus Detection alerts in EPO 4.5

Answering these 2 questions:

What I am wondering is why threat type and virus name are 'none'?

Because the event really has no threat type and no virus name... This typically happens on a scan timeout or a scan skipped due to an encrypted file.

Also, is there a better way of configuring an automatic response to email me when a machine is infected with a serious threat (i.e. not just a cookie or a warning about a rule violation)?

We have a default response for that... it's called 'malware detected and not handled', which covers 'infections', aka detections that VSE could not handle and which you need to take action on.

Message was edited by: dvo on 12/2/09 9:44 AM

Message was edited by: dvo on 12/2/09 9:48 AM