SEPM 11.0 MR 6 does not send an email notification for realtime protection risks detected

Posted on 2011-05-05
Last Modified: 2013-12-09

A rule for scheduled scans will send an email if a risk is found,
but a rule for risks detected using file system Auto-Protect will not send an email?

This means we don't know about risks unless we check the console or a user notifies us from their workstation?

We know email communication works for one rule but not the other. Same email address.

Is it not possible to have email notification for risks detected using SEPM 11?

Question by:BCSCOPS
    LVL 15

    Expert Comment

    Yes, it's a setting in the configuration.

    Follow this below:

    Creating notifications in the Symantec Endpoint Protection Manager:

    Different types of Symantec Endpoint Protection Manager Reports can be found here:

    Author Comment

    Sorry, we have gone through these settings already.

    I'll try to make this more clear. What we hope to achieve is that an email notification is sent to an address if file system Auto-Protect detects a risk on a workstation.

    This seems so logical to have a rule in place, but it appears that it may not be possible. Only scheduled scans have worked so far.

    Here is our screen shot attached, and domain and un are generic for security reasons.

    Remember, the weekly scan rule works in sending an email.

    LVL 12

    Accepted Solution

    The notification works, but it will not be in real-time. There is no fast pathing of risk events in SEP at this time. So you'll end up receiving the email after the client has uploaded its logs of the event to the SEPM. You can speed things up somewhat by increasing how often the client heartbeats. But make sure your SEPM environment is architected to handle the extra load.

    Author Comment

    Still not working at all. Only scheduled scans work to notify. Case with Symantec continues.

    If someone can show the exact steps for how they set up a rule to work, then that would be great.

    LVL 12

    Assisted Solution

    In your attached screen shot everything looks correct. But one thing I can't see is what type of notification you picked. It should be 'single risk event' and not 'new risk detected'. New risk detected is only going to generate an email for risks the SEPM hasn't been told about yet. Whereas single risk event will generate an email each time based on the damper settings.

    Author Closing Comment

    Because I still have the problem and no clear answer seems to exist. Mixed responses even from support.
