
ePO V4.5 On Access Automated Alerts Not Available??

G'day Everyone.

Background to the issue.

We had alert messages in ePO V3.6 and V4.0 ticking away nicely. Any time a forced scan, on demand scan, or the on access real time scanner found a virus.....bang, straight into my email.

Updated to ePO v4.5 and found an entire new world of pain...the very granular way you can pump out automated alerts to warn of messages seems very bogged down and, to me at least, downright confusing.

Now, I can get alert messages if I force a scan on all our PCs in the fleet. While I think the list of variables in the filtering is a bit of a least I can get something.

The really major concern I have is not receiving any alerts via On Access Real Time Scanning. Personally this gives me more current and up to date warnings than doing a scan.....reason...if I scan all of our fleet's PCs every day the clients get really peeved, call my boss who tells me to turn it off; the full scans on PCs are only once a week. Real Time scanning picks up the issue straight away and gives me an indication of an outbreak.

However, no matter what Automated Alert variables/filters I select...and I've tried nearly all of them....I cannot get an alert message from an On Access real time scan event.

I know the PCs pick up viruses and on access is working. I have a test virus and when I do an on demand scan it sends an alert message. However, if I let the on access scan detect it, it shows up in the on access scanner log....but no alert emails.

This one is surely bugging me and I'm not getting any resolution from the Tech lads in New Delhi....6 hours logged in remotely to our setup with the online support and no solution.

Any help would be appreciated.

Lost in McAfee ePO v4.5

1 Reply

Re: ePO V4.5 On Access Automated Alerts Not Available??

Here's how I have on-access scanning alerts (aka automatic responses) configured in my office...

Description Tab:
1) event = ePO notification events
2) event type = threat

Filter Tab:
1) threat category = belongs to "malware detected" and "malware detected using heuristics"
2) threat handled = I have alerts for true so I receive everything in email form and false that goes to our floor support to remediate

Aggregation Tab:
1) aggregation = trigger this response for every event
2) throttling = at most, trigger this response once every 15 minutes

Actions Tab:
1) send email (see the subject and body I use in my environment below)

Subject:
Threat Handled ({threatHandled}) - {targetHostName}

Body:
A virus was detected on {targetHostName}. If the affected computer is located in your office, please have your local user support resource investigate this issue as soon as possible.

Hostname: {targetHostName}
IP Address: {targetIPV4}
Last Logged in User: {targetUserName}

Number of Events: {count}
First Event Time: {detectedUTC}
Threat Type: {threatType}
Threat Name: {threatName}
Event ID: {threatEventID}
Threat Handled: {threatHandled}
Event Description: {eventDesc}
Affected Objects: {targetFileName}

Having the alerts configured that way provides the most amount of information to quickly remediate an infected computer. And one thing worth mentioning is to have your McAfee Agent configured to have those computers check back into ePO at least every 60 minutes. Your ePO server will not send out an alert until after the affected computer sends its event history up to ePO, which in our office occurs every 60 minutes.

Let me know if any of that helps you or not.
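To make the behaviour of the reply's automatic-response configuration concrete, here is an added Python model of it (example code written for this page, not McAfee's or ePO's own logic): events are filtered on the two threat categories, routed by the threatHandled flag to one of two mailboxes (standing in for the two responses the reply describes), throttled to one firing per 15 minutes per response, and then rendered through the reply's subject and body template with the same {placeholder} names. The sample events, mailbox addresses and the non-malware category string are constructed for the example; the ePO placeholder names come from the reply.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Filter tab (from the reply): only these threat categories fire the response.
ALERT_CATEGORIES = {"malware detected", "malware detected using heuristics"}

# Routing by threatHandled, as the reply describes: handled -> admin mailbox,
# not handled -> floor support. Addresses are hypothetical, constructed here.
ROUTES = {True: "epo-admin@example.invalid", False: "floor-support@example.invalid"}

# Subject and body template copied from the reply; placeholders are ePO's own names.
SUBJECT = "Threat Handled ({threatHandled}) - {targetHostName}"
BODY = (
    "A virus was detected on {targetHostName}. If the affected computer is located in your "
    "office, please have your local user support resource investigate this issue as soon as possible.\n\n"
    "Hostname: {targetHostName}\nIP Address: {targetIPV4}\nLast Logged in User: {targetUserName}\n\n"
    "Number of Events: {count}\nFirst Event Time: {detectedUTC}\nThreat Type: {threatType}\n"
    "Threat Name: {threatName}\nEvent ID: {threatEventID}\nThreat Handled: {threatHandled}\n"
    "Event Description: {eventDesc}\nAffected Objects: {targetFileName}\n"
)


@dataclass
class ThreatEvent:
    """One ePO threat event; field names match the template placeholders."""
    threatEventID: int
    threatCategory: str
    threatHandled: bool
    targetHostName: str
    targetIPV4: str
    targetUserName: str
    detectedUTC: datetime
    threatType: str
    threatName: str
    eventDesc: str
    targetFileName: str
    count: int = 1  # "trigger for every event" -> one event per alert


def matches_filter(ev: ThreatEvent) -> bool:
    """Filter tab: threat category belongs to the two malware-detected categories."""
    return ev.threatCategory in ALERT_CATEGORIES


class Throttle:
    """Aggregation tab: 'at most, trigger this response once every N minutes'.
    Keyed per route, since the reply runs one response per threatHandled value."""

    def __init__(self, minutes: int = 15):
        self.window = timedelta(minutes=minutes)
        self.last_fired: dict = {}

    def allow(self, key, now: datetime) -> bool:
        last = self.last_fired.get(key)
        if last is not None and now - last < self.window:
            return False  # suppressed: still inside the throttle window
        self.last_fired[key] = now
        return True


def render(template: str, ev: ThreatEvent) -> str:
    """Fill the ePO-style {placeholders} from the event's fields."""
    fields = dict(vars(ev))
    fields["detectedUTC"] = ev.detectedUTC.strftime("%Y-%m-%d %H:%M:%S UTC")
    return template.format_map(fields)


def process(events, throttle: Throttle = None):
    """Return (recipient, subject, body) for every event that survives filter and throttle."""
    throttle = throttle or Throttle(15)
    alerts = []
    for ev in sorted(events, key=lambda e: e.detectedUTC):
        if not matches_filter(ev):
            continue
        recipient = ROUTES[ev.threatHandled]
        if not throttle.allow(recipient, ev.detectedUTC):
            continue
        alerts.append((recipient, render(SUBJECT, ev), render(BODY, ev)))
    return alerts


# Constructed sample events (not real detections): an on-access detection that was
# cleaned, a heuristic detection left unhandled, a second cleaned detection inside the
# 15-minute window (throttled), a non-malware category (filtered out), and a cleaned
# detection 20 minutes after the first (allowed again).
T0 = datetime(2010, 3, 1, 10, 0, 0)
SAMPLE_EVENTS = [
    ThreatEvent(1001, "malware detected", True, "WS-0042", "10.0.5.42", "jsmith", T0,
                "virus", "EICAR test file", "On-access scan: file cleaned", r"C:\temp\eicar.com"),
    ThreatEvent(1002, "malware detected using heuristics", False, "WS-0077", "10.0.5.77", "akhan",
                T0 + timedelta(minutes=5), "trojan", "Generic.dx", "Clean failed", r"C:\Users\akhan\x.exe"),
    ThreatEvent(1003, "malware detected", True, "WS-0013", "10.0.5.13", "mlee",
                T0 + timedelta(minutes=10), "virus", "EICAR test file", "Deleted", r"D:\dl\eicar.com"),
    ThreatEvent(1004, "policy violation (constructed category)", True, "WS-0099", "10.0.5.99", "svc",
                T0 + timedelta(minutes=12), "policy", "n/a", "Not a malware category", ""),
    ThreatEvent(1005, "malware detected", True, "WS-0042", "10.0.5.42", "jsmith",
                T0 + timedelta(minutes=20), "virus", "EICAR test file", "Cleaned", r"C:\temp\eicar2.com"),
]

if __name__ == "__main__":
    for recipient, subject, body in process(SAMPLE_EVENTS):
        print(f"To: {recipient}\nSubject: {subject}\n{body}")
```

Running it shows three emails: the first and last cleaned detections to the admin route, the unhandled one to floor support, while event 1003 is dropped by the 15-minute throttle and 1004 by the category filter. The throttle is the part worth watching in practice: with "once every 15 minutes" a burst of detections across many hosts produces a single email carrying only the first event's details, so the reply's choice of "trigger for every event" plus throttling trades completeness for mailbox volume.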