5 Replies Latest reply on Sep 3, 2012 9:03 AM by dnf

    Alerting of virus

    dnf

      Hi community,

       

      I need to receive an alert when a certain number of different computers have the same virus. Is there a way to do that from the console?

       

      Thanks

        • 1. Re: Alerting of virus
          dnf

          Does anybody have an idea? I can't think of a way of doing it...

          • 2. Re: Alerting of virus
            sbenedix

            That should be doable from within the ePO console; email alerts can be configured aggregated and so on. Maybe this would do the trick?

            • 3. Re: Alerting of virus
              Tristan

              Menu -> Automation -> Automatic Responses

               

              Step through the response builder wizard and configure the filter and aggregation screen something like the example below but obviously altering it to the virus/virus type/malware/pup/event that you want to detect.

               

              It's the aggregation section and selecting the distinct agent GUID option that will trigger the response when a certain number is reached.

              alert.jpg

              • 4. Re: Alerting of virus
                ittech

                Based on Tristan's example I've set up a similar alert that includes trojans, rootkits, and spyware. It also excludes certain threat names like "none" and those which contain the word "prevent". I know that "none" shows in my ePO reports when PCs start their scheduled scans and that there are a few different "prevent" threat names, most commonly one that is a deny terminate action. This way it will report any threat name, but not the ones that I feel are not a true threat.

                 

                Capture.PNG

                • 5. Re: Alerting of virus
                  dnf

                  Thanks Tristan, sbenedix and ittech for the answers.

                   

                  I've tried these options but I can't find a way to create the alert when the threat is the same. I mean, it has to be the same virus, trojan, rootkit...

                  By doing that, I can create an alert when a threat is found on different clients, but the threat could be different. I don't know if I'm expressing myself properly or if I've misunderstood your advice.

                   

                  Message was edited by: dnf on 3/09/12 9:03:49 CDT
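
The requirement in the last post (the same threat on N different machines, rather than N machines with any threat) comes down to counting distinct agent GUIDs per threat name inside a time window. The sketch below is an added example, not part of the thread and not ePO's own logic; the event field names, threat names and sample events are constructed assumptions, and the exclusions follow reply 4.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not an ePO export format.
EVENTS = [
    {"time": "2012-09-03 08:00", "agent_guid": "A1", "threat_name": "Example.Trojan.A"},
    {"time": "2012-09-03 08:10", "agent_guid": "A2", "threat_name": "Example.Trojan.A"},
    {"time": "2012-09-03 08:15", "agent_guid": "A1", "threat_name": "Example.Trojan.A"},
    {"time": "2012-09-03 08:40", "agent_guid": "A3", "threat_name": "Example.Trojan.A"},
    {"time": "2012-09-03 08:05", "agent_guid": "A4", "threat_name": "Example.Rootkit.B"},
    {"time": "2012-09-03 08:20", "agent_guid": "A5", "threat_name": "Example.Rootkit.B"},
    {"time": "2012-09-03 08:00", "agent_guid": "B1", "threat_name": "Example.Spyware.C"},
    {"time": "2012-09-03 10:00", "agent_guid": "B2", "threat_name": "Example.Spyware.C"},
    {"time": "2012-09-03 12:00", "agent_guid": "B3", "threat_name": "Example.Spyware.C"},
    {"time": "2012-09-03 08:01", "agent_guid": "A6", "threat_name": "none"},
    {"time": "2012-09-03 08:02", "agent_guid": "A7", "threat_name": "none"},
    {"time": "2012-09-03 08:03", "agent_guid": "A8", "threat_name": "none"},
    {"time": "2012-09-03 08:04", "agent_guid": "A9", "threat_name": "Prevent termination (constructed)"},
]

def is_excluded(threat_name):
    # Exclusions from reply 4: "none" and any name containing "prevent".
    name = threat_name.strip().lower()
    return name == "none" or "prevent" in name

def same_threat_alerts(events, threshold, window):
    """Map each threat seen on >= threshold distinct agents within `window`
    to the sorted agent GUIDs that triggered the alert."""
    by_threat = defaultdict(list)
    for ev in events:
        if not is_excluded(ev["threat_name"]):
            when = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M")
            by_threat[ev["threat_name"]].append((when, ev["agent_guid"]))
    alerts = {}
    for threat, hits in by_threat.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            agents = {guid for _, guid in hits[start:end + 1]}
            if len(agents) >= threshold:
                alerts[threat] = sorted(agents)
                break
    return alerts

if __name__ == "__main__":
    print(same_threat_alerts(EVENTS, threshold=3, window=timedelta(hours=1)))
```

A single distinct-agent count over all events would reach the threshold here from mixed threats; grouping by threat name first is what limits the alert to one threat spreading.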