ePO 4.6 no threat mail sending

Hello,

I have setup a new ePO 4.6 server with Antivirus 8.8 clients.

All works great. I have set up an automatic response when a threat is detected (removed or not).

However, I don't receive the email when a threat was detected.

I do get mails from ePO so it isn't the mail server.

What am I doing wrong?

See attached files.

Accepted Solutions
georgec
Level 13
Message 4 of 7

Re: ePO 4.6 no threat mail sending

I don't think an unwanted program is considered malware. Unwanted programs are remote admin tools and other things like that. Try testing with malware like the EICAR test file:

http://www.eicar.org/85-0-Download.html

The antivirus will see it as malware. It's just a file to test detection; no harm will come to the machine.

http://en.wikipedia.org/wiki/EICAR_test_file

Or, you can change the filter. Try first removing the threat type, and leave the notification for all threat event logs at "my organisation" level. If it works, then fine tune it.

on 10/4/12 6:58:23 AM CDT
6 Replies

Re: ePO 4.6 no threat mail sending

If you see nothing related under your server task logs then this means the automated response has not been triggered and so there may be a problem with your response definition.

Can you post the filter section of this response?

Re: ePO 4.6 no threat mail sending

Hi Laszlo G,

I don't see anything related under server task logs.

Here is the filter screen

Naamloos3.png

Re: ePO 4.6 no threat mail sending

I have downloaded the EICAR file. 8.8 deleted it nicely. However, no mail.

Here is the logfile for my test PC.

Message was edited by: jellekamma on 10/4/12 7:07:06 AM CDT

Re: ePO 4.6 no threat mail sending

Suddenly I got spammed by ePO:

I did what you said.

finetune.png

georgec
Level 13
Message 7 of 7

Re: ePO 4.6 no threat mail sending

Great!

It's just a matter of filtering the right events.

Try using the ID of the events when filtering.

George

on 10/4/12 7:22:02 AM CDT