3 Replies Latest reply on Dec 2, 2009 10:48 AM by jtighe

    Virus Detection alerts in EPO 4.5

      Threat Type : None
      Severity : Critical
      Action Taken : none
      User : useruser
      Machine Name : egmachine
      Virus Name : none

       

      I have an automatic response configured to email me whenever a threat is detected by VSE 8.5 and the threat severity is either critical or emergency. Above is the body of an email I have since received several times. The machine name and username are different for different detections. Whenever I then scan the machine the threat is detected on, the only thing that shows up is cookies, if anything. What I am wondering is why threat type and virus name are 'none'? Also, is there a better way of configuring an automatic response to email me when a machine is infected with a serious threat (i.e. not just a cookie or a warning about a rule violation)?

       

      Any assistance or advice greatly appreciated.

       

      Currently running EPO 4.5, VSE 8.5 + antispyware, agent 4.0.

        • 1. Re: Virus Detection alerts in EPO 4.5
          RMCCULLO

          Personally, I would disable the cookie detection notifications in the VSE Policies first, as this will get rid of the possibly unwanted nagging about cookies. Also, these cookie detections will fill up an ePO Database quickly. Once this is done, your current configuration should work just fine.

          1 of 1 people found this helpful
          • 2. Re: Virus Detection alerts in EPO 4.5

            answering these 2 questions

             

            What I am wondering is why threat type and virus name are 'none'?

            because the event really has no threat type and no virus name...typically happens on a scan timeout or a scan skipped due to an encrypted file.

             

            Also, is there a better way of configuring an automatic response to email me when a machine is infected with a serious threat (i.e. not just a cookie or a warning about a rule violation)?

            we have a default response for that...it's called 'malware detected and not handled' which covers 'infections'...aka detections that the VSE could not handle which you need to action on.

             

             

            Message was edited by: dvo on 12/2/09 9:44 AM

            Message was edited by: dvo on 12/2/09 9:48 AM
            1 of 1 people found this helpful
            • 3. Re: Virus Detection alerts in EPO 4.5

              Not sure how to disable the cookie detection notifications, would be happy to do so.

               

              Is it Policy Catalog - Product: VSE 8.5, Category: Alert policies - Alert Manager Options: Disable Alerting??? - worried that this will disable alerting for more serious threats rather than just cookies?