5 Replies Latest reply on Nov 19, 2009 10:27 AM by JoeBidgood

    EPO 4.0 Notification Rules

    SOSITCS

      Can someone point me to some good documentation (Best Practices) for setting up notification rules?  I have been trying to create rules that will notify us if a system is infected and cannot be cleaned or if a virus is removed but continues to infect the system.  It's getting frustrating to have our end-users call us to report that their computer is infected.  When we investigate the issue we discover that the system is infected but EPO never sent a notification.  Here is a view of one of my rules:

       

      Name: Virus detected and not removed
      Notes: Notifications sends an e-mail message when "Virus Detected and Not Removed" events are received
      Defined at: My Organization
      Priority: High
      Status: Enabled
      Operating systems: Workstation, Server
      Products: ePO Server, GroupShield Exchange, McAfee Agent, VirusScan
      Categories: Virus detected and NOT removed
      Threat name: (Any)
      Aggregation: Send a notification if multiple events occur within 20 minutes
          When the number of affected systems is at least 10
          When the number of events is at least 25
      Throttling: At most, send a notification every 1 hours
      Notifications: Email:


      Does this look right to you?  BTW, I do have our IT staff listed in the EMail section of the notification.

       

      Thanks,

       

      Ron
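
An added example, not part of the original post and not McAfee's code: a small model of the aggregation and throttling settings as they are worded in the rule above, run over constructed events. How ePO combines the two thresholds is an assumption, exposed here as `require_both`; the host names and timestamps are constructed.

```python
from datetime import datetime, timedelta

# Settings copied from the rule in the post.
WINDOW = timedelta(minutes=20)   # "multiple events occur within 20 minutes"
MIN_SYSTEMS = 10                 # "number of affected systems is at least 10"
MIN_EVENTS = 25                  # "number of events is at least 25"
THROTTLE = timedelta(hours=1)    # "at most ... every 1 hours"


def notifications(events, require_both=True):
    """Return the times at which this model of the rule would send an e-mail.

    events: list of (timestamp, system_name) tuples, sorted by timestamp.
    require_both: assumption knob. True means both thresholds must be met
    in the window, False means either one is enough.
    """
    sent = []
    start = 0
    for end, (now, _) in enumerate(events):
        # Drop events that have fallen out of the 20-minute window.
        while now - events[start][0] > WINDOW:
            start += 1
        window = events[start:end + 1]
        systems_ok = len({name for _, name in window}) >= MIN_SYSTEMS
        events_ok = len(window) >= MIN_EVENTS
        if require_both:
            hit = systems_ok and events_ok
        else:
            hit = systems_ok or events_ok
        throttled = bool(sent) and now - sent[-1] < THROTTLE
        if hit and not throttled:
            sent.append(now)
    return sent


# Constructed sample data (not taken from any real ePO server).
T0 = datetime(2009, 11, 19, 9, 0)
# One workstation reporting five "not removed" events over ten minutes.
one_host = [(T0 + timedelta(minutes=2 * i), "WS-001") for i in range(5)]
# Twelve workstations reporting 36 events in total, one every 20 seconds.
outbreak = [(T0 + timedelta(seconds=20 * i), f"WS-{i % 12:03d}") for i in range(36)]

if __name__ == "__main__":
    for label, sample in (("one host", one_host), ("outbreak", outbreak)):
        for both in (True, False):
            print(label, "require_both =", both, "->", notifications(sample, both))
```

In this model the single-workstation sample produces no notification under either reading of the thresholds, while the twelve-system sample produces exactly one, with later events suppressed by the one-hour throttle.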