5 Replies Latest reply on Sep 3, 2012 9:03 AM by dnf

    Alerting of virus


      Hi community,


      I need to receive an alert when a certain number of different computers have the same virus. ¿Is there a way to do that from the console?



        • 1. Re: Alerting of virus

          Anybody has an idea? I can´t think of a way of doing it...

          • 2. Re: Alerting of virus

            That should be doable from within the ePO console, email alerts can be configured aggregated and so on, maybe this would do the trick?

            • 3. Re: Alerting of virus

              Menu -> Automation -> Automatic Responses


              Step through the response builder wizard and configure the filter and aggregation screen something like the example below but obviously altering it to the virus/virus type/malware/pup/event that you want to detect.


              It's the aggregation section and selecting the distinct agent GUID option that will trigger the response when a certain number is reached.


              • 4. Re: Alerting of virus

                Based on Tristan's example I've set up a similar alert that includes trojans, rootkits, and spyware. It also excludes certain threat name like "none" and those which contain the word "prevent". I know that "none" shows in my ePO reports when PCs start there scheduled scans and that there are a few different "prevent" threat names, most commonly one that is a deny terminate action. This way it will report any threat name, but not the ones that I feel are not a true threat.



                • 5. Re: Alerting of virus

                  Thanks Tristan sbenedix and ittech for the answer.


                  I´ve tried these options but I can´t find the way of create the alert when the threat is the same. I mean, it has to be the same virus, trojan, rootkit....

                  By doing that, I can create an alert when a threat is found in different clients, but it could be different. I don´t know if I express myself properly or if I´m wrong with how I understood your advices.


                  El mensaje fue editado por: dnf on 3/09/12 9:03:49 CDT