Solved

SEPM 11.0 MR 6 does not send an email notification for realtime protection risks detected

Posted on 2011-05-05
Last Modified: 2013-12-09
A rule for scheduled scans will send an email if a risk is found,
but a rule for risks detected using file system autoprotect will not send an email?

This means we don't know about risks unless we check the console or a user notifies us from their workstation?

We know email communication works for one rule but not the other. Same email address.

Is it not possible to have email notification for risks detected using SEPM 11?

Question by:BCSCOPS
LVL 15

Expert Comment

by:Robert Sutton Jr
ID: 35702867
Yes, it's a setting in the configuration.

Follow this below:

Creating notifications in the Symantec Endpoint Protection Manager:
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/d28e5621b64d9ddb88257543007672ff?OpenDocument

Different types of Symantec Endpoint Protection Manager Reports can be found here:
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009081409151448?OpenDocument&Click=
0
 

Author Comment

by:BCSCOPS
ID: 35710302
Sorry, we have gone through these settings already.

I'll try to make this more clear. What we hope to achieve is that an email notification is sent to an address if file system auto protect detects a risk on a workstation.

This seems so logical to have a rule in place but it appears that it may not be possible. Only scheduled scans have worked so far.

Here is our screen shot attached, and the domain and un are generic for security reasons.

Remember, the weekly scan rule works in sending an email.



Doc2.doc
0
 
LVL 12

Accepted Solution

by:
jmlamb earned 1500 total points
ID: 35723414
The notification works, but it will not be in real-time. There is no fast pathing of risk events in SEP at this time. So you'll end up receiving the email after the client has uploaded its logs of the event to the SEPM. You can speed things up somewhat by increasing how often the client heartbeats. But make sure your SEPM environment is architected to handle the extra load.
0

 

Author Comment

by:BCSCOPS
ID: 35756124
Still not working at all. Only scheduled scans work to notify. Case with Symantec continues.

If someone can show the exact steps for how they set up the rule to work, then that would be great.

0
 
LVL 12

Assisted Solution

by:jmlamb
jmlamb earned 1500 total points
ID: 35758398
In your attached screen shot everything looks correct. But one thing I can't see is what type of notification you picked. It should be 'single risk event' and not 'new risk detected'. New risk detected is only going to generate an email for risks the SEPM hasn't been told about yet. Whereas single risk event will generate an email each time based on the damper settings.
0
 

Author Closing Comment

by:BCSCOPS
ID: 35970453
Because I still have the problem and no clear answer seems to exist. Mixed responses even from support.
0
