7 Replies Latest reply on Apr 5, 2017 5:38 PM by norbertg

    Change email notification details

    norbertg

      I'm not sure if it's VSE or MSME that is generating these emails but I would like to change some details, mainly add some company text to these emails.

       

      I have spent hours in VSE, MSME and EPO looking for where the setting is located with zero luck finding it.

      ---

       

      From: Norbert
      Sent: Wednesday, 16 December 2015 12:42 PM
      To: Spam <spam@domain.com>
      Subject: MCAFEE E-MAIL SCAN ALERT!~FILTER TEST!!!

       

       

       

      Attachment file : 15069447.doc\WordDocument

      Scanner Detected: W97M/Downloader.asw (Trojan)

      Action taken : Deleted (Clean failed)

       

       

      Attachment file : fax00163721.xls\Workbook

      Scanner Detected: W97M/Downloader.asw (Trojan)

      Action taken : Deleted (Clean failed)

       

       

      Attachment file : Untitled_14102015_154510.doc\WordDocument

      Scanner Detected: W97M/Downloader.asw (Trojan)

      Action taken : Deleted (Clean failed)

        • 1. Re: Change email notification details
          thoom2027

          Hello Friend,

           

          Google Translate:

          This message is VirusScan Enterprise that sends automatic when a threat is found and took no action. For you see, in all three cases the VSE failed to clear.

           

          You can change these messages MENU => AUTOMATIC RESPONSES select and responsible task as the image below:

          -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------

          Essa mensagem é o VirusScan Enterprise que envia automatico quando uma ameaça é encontrada e não teve nenhuma ação. Pois como pode ver, nos três caso o VSE não conseguiu limpar.

           

          Você pode alterar essas mensagem em MENU => AUTOMATIC RESPONSES e selecionar tarefa responsável conforme a imagem abaixo:

           

          vse_virus.png

           

          Google Translate:

          After selecting and clicking Edit, you will give next until you get to step 4 Action, so you can make the changes as shown below:


          -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- --------------------------------------------------------------------------------

           

          Depois que selecionar e clicar em Editar, vai dando next até chegar no passo 4 Action, então voce pode fazer as modificações conforme mostra imagem abaixo:

           

          vse_virus_2.png

           

          Hugs

          • 2. Re: Change email notification details
            norbertg

            Thanks thoom, I don't believe this is the setting as the subject is different and I believe the trojan was handled.

             

            I should mention I sent a test email from Outlook with a known Trojan to test (sent to our internal active directory spam group) MSME, this is what generated the alert. I am running VSE8.8p6, however most people in our organization are on 8.8p5. We are running MSME 8.5 and EPO 5.1.1. Most people are running Agent 5.0.1 however I am on 5.0.2.

             

            I haven't had any luck regenerating the alert. I have seen it from time to time but it's very rare.

            • 3. Re: Change email notification details
              thoom2027

              Hello man,

               

              This option that I posted for you, it's enabled on your ePO ?

               

              -------------------------------------------------------------------------------- -------------------------------------------

              Esta opção que postei pra você está habilitada e configurado no seu ePO ?

              • 4. Re: Change email notification details
                norbertg

                Hi Thoom,

                 

                Yes it is enabled.

                 

                Here is how the 'Malware detected and not handled' email is setup:

                 

                Subject: McAfee "Malware detected and not handled" events received

                 

                Body:

                ePolicy Orchestrator Notification

                Response Name: {responseRuleName}

                Event Type Name: {responseEventType}

                Defined at: {definedAt}

                System Location: {nodeTextPath}

                Description: Sends an e-mail notification when "Malware detected and not handled" events are received.

                 

                 

                Number of events: {count}

                Source IPV6 addresses: {sourceIPV6}

                Source IPV4 addresses: {sourceIPV4}

                Target hostname: {listOfTargetHostName}

                Target username: {listOfTargetUserName}

                Threat Names: {threatName}

                Detecting Product Names: {analyzerName}

                 

                ---

                 

                I have received the Malware detected and not handled emails which contain different content to the original post.

                 

                Thanks,

                Norbert

                • 5. Re: Change email notification details
                  Richard Carpenter

                  Moved to ePO for a future user searching for a similar issue.

                   

                  Rich

                  Volunteer McAfee Moderator - Business Products

                  • 6. Re: Change email notification details
                    brentil

                    That email subject is not a normal ePO email alert so it looks like you might have a custom Automatic Response setup.  I would look through each Automatic Response looking for that subject.

                     

                    VSE cannot send emails on its own, it requires an Alert Manager (which I don't even know if McAfee makes/support anymore) or ePO.  Open VSE and go to Tools -> Alerts -> Alert Manager Alerts -> and see if a Destination is enabled.  You might have a legacy system running still even though you now have ePO.

                     

                    I don't manage our MSME so I'm not sure if it can trigger alerts or not on its own.

                     

                    Also while yes it was handled, it was handled on the Delete option and not the Clean so you'll get an alert on clean failure.  So something is still triggering.

                    • 7. Re: Change email notification details
                      norbertg

                      Thanks, I don't see any destination set in VSE. Strangely I don't think I have seen another email with that heading since.