I have one issue about EPO 4.5 and email notification. In our company we made two rules when we wish to be notified.
RULE (1) - If a user has trojan/virus on the PC & the file was successfully deleted
RULE (2) - If a user has trojan/virus on the PC & the file was UNsuccessfully deleted
After a while we also wanted to grep potentially unwanted programs deleted. We have added into our rules Threat Type equals: Potentially Unwanted problem.
Today we were looking at the threat event log on the EPO server and I found some events: Malware detected, infected files deleted (see the attached file).
We didn't receive any e-mail notifications about those events. I have made a print screen of how the rule is made and a print screen of two events which did not lead to mail notifications, so now I'm trying to figure out why not.
With best regards,
I suspect you need to create a separate notification for the potentially unwanted program, because now the conditions evaluate to false, as a trojan is not a PUP but a malware (should be in my opinion).
You AND-ed two conditions (Threat Type and Threat Category) that kill each other as together they won't be true but separately, yes.
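The reply's point, as an added example that is not part of the original thread: a small model of rule matching in which every condition of a rule must hold, run over constructed events to list the ones no rule would notify on. Field names, values and rule layouts are assumptions made for illustration, not ePO's actual schema or the poster's exact rules.

```python
# Constructed model of notification-rule matching. Field names and values are
# illustrative placeholders, not ePO's real event schema.

def matches(rule, event):
    """A rule fires only when every one of its conditions holds (AND)."""
    return all(event.get(prop) in allowed
               for prop, allowed in rule["conditions"].items())

def unnotified(rules, events):
    """Return ids of events that no rule would send a notification for."""
    return [e["id"] for e in events if not any(matches(r, e) for r in rules)]

# Constructed sample events: two malware detections and two PUP detections.
EVENTS = [
    {"id": 1, "category": "malware", "type": "trojan", "action": "deleted"},
    {"id": 2, "category": "malware", "type": "virus", "action": "delete_failed"},
    {"id": 3, "category": "pup", "type": "pup", "action": "deleted"},
    {"id": 4, "category": "pup", "type": "pup", "action": "delete_failed"},
]

# Assumed shape of the rules after the PUP condition was added to both of them:
# the category condition and the type condition can never be true together.
COMBINED = [
    {"name": "rule 1", "conditions": {"category": {"malware"},
                                      "type": {"pup"}, "action": {"deleted"}}},
    {"name": "rule 2", "conditions": {"category": {"malware"},
                                      "type": {"pup"}, "action": {"delete_failed"}}},
]

# The suggested layout: the two malware rules as before, plus a separate PUP rule.
SPLIT = [
    {"name": "rule 1", "conditions": {"category": {"malware"},
                                      "action": {"deleted"}}},
    {"name": "rule 2", "conditions": {"category": {"malware"},
                                      "action": {"delete_failed"}}},
    {"name": "pup rule", "conditions": {"type": {"pup"}}},
]

if __name__ == "__main__":
    print("combined rules miss events:", unnotified(COMBINED, EVENTS))
    print("split rules miss events:   ", unnotified(SPLIT, EVENTS))
```

Replaying a few known events through the rule set like this, after every rule change, shows silent gaps before a real detection goes unreported.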