7 Replies Latest reply on Jul 25, 2010 4:12 AM by Attila Polinger

    Automatic e-mails too sensitive...firing every few minutes.

      Hello...just upgraded to ePO 4.5 and have configured a notification event to send an email when a threat is detected and not handled. I have the rule set as follows:

      Defined at: My Organization

      Threat Type:
      equals virus or
      equals trojan or
      equals adware or
      equals p2p client or
      equals password cracker or
      equals rootkit or
      equals spyware

      and

      threat handled equals false

      and

      detecting product name equals virusscan enterprise

      and

      threat severity equals alert

      I am receiving alerts on all kinds of items which I know are normal activity, such as Dameware, autorun on discs, and even McAfee files.

      Dameware: Virus
      agtmetadet.mcs(mcafee EPOAgent3000Meta): Virus
      netterm.exe: virus
      \Network Associates\Common Framework\UpdateHistory.ini: virus
      C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\AgentEvents\20100721151337761000008E0.txml: virus

      Should I set Threat Severity to Critical? Any other ideas?

      Message was edited by: aquilisdicio on 7/21/10 2:28:35 PM CDT