1 Reply Latest reply on Apr 16, 2009 3:21 AM by tonyb99

    Notifications

      I have notification rules set up to email me when either an unwanted program or a virus is detected but not removed. I have been getting emails, but it's listing the threat that it's finding as "Full Scan". The clients are set to scan on a nightly basis, but I wouldn't expect that to trip the event trigger. Here are the types of emails I am getting:

      XP123ePolicy Orchestrator Notification Rule: Unwanted Program detected and not removed
      Rule Defined At: Directory
      Description: Notifications sends an e-mail message when "Unwanted Program Detected and Not Removed" events are received.

      Number of events: 1
      Source computer IP addresses: Not Available
      Actual threat names: Full Scan
      Actual products: VirusScan
      Affected Computer: XP123
      Affected objects: Not Available

      For additional information, see the Notification Log in the ePolicy Orchestrator console.

      and

      ePolicy Orchestrator Notification Rule: Virus detected and not removed
      Rule Defined At: Directory
      Description: Notifications sends an e-mail message when "Virus Detected and Not Removed" events are received.

      Number of events: 1
      Source computer IP addresses: Not Available
      Actual threat names: Full Scan
      Actual products: VirusScan
      Affected Computer: X123
      Actual Threat: Full Scan

      For additional information, see the Notification Log in the ePolicy Orchestrator console.

      Now when I get an email regarding PC X, I will get both a notice about an unwanted program and one about a virus. Is McAfee actually finding viruses/unwanted programs, or is it some sort of false positive? The server is EPO 4.0 with SP3, running on 32-bit Server 2003 with SP2.

      Thanks!
        • 1. RE: Notifications
          tonyb99
          If you check the scan logs on the machine in question, do they show, for instance, an encrypted file that VSE cannot scan so has flagged as a possible virus, or a timeout on a file? If so, you can filter these events out.