1 Reply Latest reply on Oct 13, 2010 7:05 AM by Attila Polinger

    Malware detected - but no email?

    bostjanc

      Greetings!

       

      I have one issue about EPO 4.5 and email notification. In our company we made two rules when we wish to be notified.

       

      RULE (1) - If a user has trojan/virus on the pc & the file was successfully deleted

      RULE (2) - If a user has trojan/virus on the pc & the file was UNsuccessfully deleted

       

      After a while we also wanted to grep potentially unwanted programs deleted. We have added into our rules Threat Type equals: Potentially Unwanted problem.

       

      PROBLEM:
      Today we were looking at the threat event log on the EPO server and I found some events: Malware detected, infected files deleted (see the attached file).

      We didn't receive any e-mail notifications about those events. I have made a print screen of how the rule is made and a print screen of two events which did not lead to mail notifications, so now I'm trying to figure out why not.

       

      With best regards,

        • 1. Re: Malware detected - but no email?
          Attila Polinger

          Hello,

           

          I suspect you need to create a separate notification for the potentially unwanted program, because now the conditions evaluate to false, as a trojan is not a PUP but a malware (should be in my opinion).

          You AND-ed two conditions (Threat Type and Threat Category) that kill each other as together they won't be true but separately, yes.

           

          Attila