10 Replies. Latest reply on Sep 27, 2017 8:41 AM by rama2209

    Mcafee ATD notification




      Is there a way to send a notification email when ATD finds a malicious file?

        • 1. Re: Mcafee ATD notification

          Hi bec3


          Nope - you can't configure or send email notifications from ATD. You could however syslog the analysis results out to a SIEM/syslog server and configure email notifications there.




          • 2. Re: Mcafee ATD notification

            Thanks David for the quick response,



            Okay, what about TIE? Can we send a notification from TIE when a bad reputation is found?

            • 3. Re: Mcafee ATD notification



              No worries bec3


              For TIE, I'm not 100% sure...

              I could check the product guide to confirm it... but since TIE is fully integrated with ePO, I'm pretty sure you can email out notifications for specific TIE events from ePO.




              • 4. Re: Mcafee ATD notification



                a) ATD: Sadly no, you CAN only send a THREAT alert with absolutely no info you can USE from reports OR automatic answer. There is INFO under: ATD Event Log Information of the THREAT in EPO but you simply can't use it in standard reports. Maybe possible if you use the EPO-API or direct on the SQL tables.

                b) Sending E-Mail from ATD: We are sadly disappointed that they were unable to INTEGRATE that into release 4.0. There has been a MCAFEE IDEA posted from several people for that. They have the E-Mail/SMTP module so sending an E-Mail should not be a problem. It's three lines of code anyway so why not? BUT maybe if you buy such a XX-Dollar thing they think you have SIEM (Splunk) or large syslog servers in place with reporting etc.

                c) TIE: Yes, for the TIE you can send such an E-mail. Play around with an EVENT (Threat) you see in EPO and try to build an automatic Response.


                Here is a sample from ENS 10.5 and TIE. We send an alert when something is blocked.

                Info we get BACK from ATD to EPO sample:


                • 5. Re: Mcafee ATD notification

                  This is highly disappointing. So the information is there but you'll need a SIEM to get at it. Just great.

                  • 6. Re: Mcafee ATD notification

                    Maybe another option would be to use the ATD API and script a scheduled check that will trigger an email out based on the threat level of the file inspected? And maybe even add some of the report details... But I haven't used the ATD API, so not sure how much you could pull that way and automate the email notification.




                    • 7. Re: Mcafee ATD notification

                      Appreciate it, but we're moving forward with a SIEM product anyhow.

                      • 8. Re: Mcafee ATD notification

                        So could anyone explain what is the cause of this event where threat_name is "atd_detected_threat", Threat Category is "malware" and threat handled is "no"?


                        Signature ID: 357-36725, Normalize ID: 1344274432, Event ID: 110537401683


                        Is it a real threat or an issue of ePO/ATD?



                        What is this issue exactly?

                        • 9. Re: Mcafee ATD notification

                          Could you please help me to understand this issue? What is this threat message about?
