Here's a question: why doesn't ePO (4.5) have instant alert notification? Take away the email alert side of things for a moment; what would be really useful is to have some kind of instant alert in the console that flashes up an alert warning as soon as an event is received from an agent.
Ideally an alert with a set of options attached to it such as acknowledge, delete, show properties, etc.
Back in the days of ePO 3.6x and Alert Manager it was possible to have alerts sent to the Windows logs of the Alert Manager (our old ePO server) and a Windows message popped up each time (sometimes it was a pain!), but at least the admin got an 'instant' alert and didn't have to also rely on the email notification.
I'm presuming this feature isn't in ePO 4.5; I certainly haven't seen it yet.
What I really want is for my Admins who have the console opened in front of them to get an instant notification of a virus alert or HIPS alert without having to keep refreshing the Threat Event Log or HIPS Log.
Personally I use a tabled report for this that I refresh frequently (and email only for non-cleanable malware or errors on removal).
I would question how useful a popup would be. I still sometimes see PCs and servers brought to their knees by worm infection with locked files, where McAfee tries to clear a locked file and can't, so it generates a popup every second (which is what brings the machine to its knees). How would this work if you get a widespread worm infection? This is why the notifications/emails with their threshold settings are handy.
You can remove the thresholds and report every item, and pull in more relevant info than you could from the old obsolete Alert Manager, and via a mailbox you can see if it's been seen/dealt with, never mind SMS etc. Just not sure why you would want the old system....
I'm not suggesting we should go back to the old methods, and I agree a Windows message pop-up is not the ideal solution, but if we look at other products like Microsoft MOM for example, it pops an entry into the console that remains red until the alert is actioned; something like that would be useful.
For me it's a bit like having a fire alarm system with no bells or sounder: the only way you would know there was a fire in the building would be to periodically check the fire control panel, if you see what I mean?
What I want is for my admin guy to be sat in front of an ePO console and actually see something flag up on his screen that he has to action/investigate, instead of relying on an email to drop into his inbox.
The only way I see this happening at present is to use third-party tools for SNMP traps and alerts.
What about creating an Automatic Response that generates a new issue when unhandled malware is detected? It's not quite an instant pop-up, but if your admin had the Issues console open they should see newly created issues at whatever the automatic refresh interval is set to.