3 Replies Latest reply on Sep 28, 2015 1:32 PM by asavener

    How to send E-mail notification when event NOT detected?


      I plan to set up an automated job to test antivirus by dropping the EICAR test file on my file servers.


      What I would like to have, is an automated E-mail when the EICAR test string has not been detected in the previous 24 hours.


      Can this be done within ePO?  (I'm currently on 4.6.6, but plan to upgrade soon, so a solution using later versions would still be useful.)



      I do see how to set an automatic response, and I can set one up for when the threat name equals EICAR test file.


      I can create a query showing how many EICAR test file detections occurred in the last X days.


      Can I set up a server task to send an E-mail if the query returns zero records?  If so, how?