eilirw
Level 7
Message 1 of 4

Virus Severity Rating - Can you implement within a notification rule?


We are currently rolling out ePO 4.0 and using the email notification rule for virus notification; we want to install some type of severity rating in the email body of the notification.

Within the email body there is a category called {additionalinfo} which returns a certain value. In the live environment so far, this has resulted in viruses being detected with values of 3 and 4. I've researched the Threat Centre for additional information on these viruses encountered; could anyone confirm the value of 3 (three) equates to a virus category of low and whether the value of 4 (four) equates to low profiled? Am I correct with the assumption that this {additionalinfo} category relates to the risk level of the virus?

ePO 4.0 (Patch 4)

VirusScan 8.7i (Patch 1)

McAfee Agent 4.0 (Patch 1)

1 Solution

Accepted Solutions
McAfee Employee JoeBidgood
Message 2 of 4

Re: Virus Severity Rating - Can you implement within a notification rule?


eilirw wrote:


Am I correct with the assumption that this {additionalinfo} category relates to the risk level of the virus?

Not quite - as far as I know the {additionalinfo} field for detection events is mapped to the severity of the event, rather than the rating of the threat, as follows:

1 - Informational

2 - Warning

3 - Low

4 - Severe

In terms of a detection, a virus that was detected and cleaned would be classified Low: a virus that was detected and not cleaned would be classified Severe.

Regards -

Joe

3 Replies
eilirw
Level 7
Message 3 of 4

Re: Virus Severity Rating - Can you implement within a notification rule?


Thanks Joe for your reply, makes sense now what those values actually mean. Would you know if there is a mechanism of categorising the risk level of the virus within the notification, or would it still be the case to check the virus found on-line with the threat centre?

McAfee Employee JoeBidgood
Message 4 of 4

Re: Virus Severity Rating - Can you implement within a notification rule?


As far as I know there is no way to do this - there is no information in the DATs that would allow the scanners to classify detections in this way, especially since the risk level can change.  I would always recommend checking anything you're unsure about on the threat centre.

There's a huge number of potential detections, though, of which only a very small percentage have their risk level elevated - so checking everything that crosses your desk may be a full-time job. If you haven't already done so I would recommend signing up for the McAfee Labs security advisories: that way you will be notified when anything noteworthy happens. The McAfee Labs blog and podcasts are also a good way of keeping abreast of new developments.

Regards -

Joe
