About the preconfigured notifications

Article:HOWTO55128  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55128
Article Type: How To




Symantec Endpoint Protection Manager provides preconfigured notification conditions for administrators. You can customize these preconfigured notifications to meet your particular needs. For example, you can add filters to limit a trigger condition to specific computers only, or you can set notifications to take specific actions when they are triggered.

By default, some of these conditions are enabled when you install Symantec Endpoint Protection Manager. Notification conditions that are enabled by default are configured to log to the server and send email to system administrators.

See Managing notifications

See How upgrades from another version affect notification conditions

Table: Preconfigured notifications

Notification

Description

Authentication failure

The Authentication failure notification is triggered by a determined number of logon failures in a defined period of time. You can set the number of logon failures and the time period within which they must occur to trigger the notification.

Client list changed

This notification triggers when there is a change to the existing client list. This notification condition is enabled by default.

Client list changes can include:

  • The addition of a client

  • A change in the group of a client

  • A change in the name of a client

  • The deletion of a client

  • A change in the hardware of a client

  • A change in the Unmanaged Detector status of a client

  • A client mode change

Client security alert

This notification triggers upon any of the following security events:

  • Compliance events

  • Network Threat Protection events

  • Traffic events

  • Packet events

  • Device control events

  • Application control events

You can modify this notification to specify the type, severity, and frequency of the conditions that trigger the notification, and the time period within which these events occur.

Some of these occurrence types require that you also enable logging in the associated policy.

Download Protection content out-of-date

Alerts administrators about out-of-date Download Protection content. You can specify the age at which the definitions trigger the notification.

Enforcer is down

This notification triggers when the Enforcer appliance goes offline. The notification tells you the name of each Enforcer, its group, and the time of its last status.

Forced application detected

This notification triggers when an application on the commercial application list is detected or when an application on the list of applications monitored by the administrator is detected.

IPS signature out-of-date

Alerts administrators about out-of-date IPS signatures. You can specify the age at which the definitions trigger the notification.

Paid license issue

This notification alerts administrators and, optionally, partners about paid licenses that have expired or that are about to expire.

This notification condition is enabled by default.

Over-deployment issue

This notification alerts administrators and, optionally, partners about over-deployed paid licenses.

This notification condition is enabled by default.

Trial license expiration

This notification alerts administrators about expired trial licenses.

This notification is enabled by default.

New learned application

This notification triggers when application learning detects a new application.

New user-allowed application

This notification triggers when a client computer allows an application detected by Download Insight. An administrator can use this information to help evaluate whether to block or allow the application.

New risk detected

This notification triggers whenever a new risk is detected by virus and spyware scans.

New software package

This notification triggers when a new software package downloads or the following occurs:

  • A client package is downloaded via LiveUpdate.

  • The management server is upgraded.

  • Client packages are manually imported via the console.

You can specify whether the notification is triggered only by new security definitions, only by new client packages, or by both. By default, the Client package setting option is enabled and the Security definitions option is disabled for this condition.

This notification condition is enabled by default.

Risk outbreak

This notification alerts administrators about security risk outbreaks. You set the number and type of occurrences of new risks and the time period within which they must occur to trigger the notification. Types of occurrences include occurrences on any computer, occurrences on a single computer, or occurrences on distinct computers.

This notification condition is enabled by default.

Server health

Server health issues trigger the notification. The notification lists the server name, the health status, the reason, and the last online/offline status.

This notification condition is enabled by default.

Single risk event

This notification triggers upon the detection of a single risk event and provides details about the risk. The details include the user and the computer involved, and the actions taken by the management server.

SONAR definition out-of-date

Alerts administrators about out-of-date SONAR definitions. You can specify the age at which the definitions trigger the notification.

System event

This notification triggers upon certain system events and provides the number of such events that were detected.

System events include the following events:

  • Server activities

  • Enforcer activities

  • Replication failures

  • Backup and restore events

  • System errors

Unmanaged computers

This notification triggers when the management server detects unmanaged computers on the network. The notification provides details including the IP address, the MAC address, and the operating system of each unmanaged computer.

Upgrade license expiration

Upgrades from previous versions of Symantec Endpoint Protection Manager to the current version are granted an upgrade license. This notification triggers when the upgrade license is due to expire.

Virus definitions out-of-date

Alerts administrators about out-of-date virus definitions. You can specify the age at which the definitions trigger the notification.
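The Risk outbreak entry above lets you set a number of occurrences, a time period, and an occurrence type (any computer, a single computer, or distinct computers). The following is an added example, not Symantec code, that models how the same detections can trigger or stay silent depending on the occurrence type. The counting semantics, the re-arm behavior after an alert, and all names and sample events are assumptions made for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

T0 = datetime(2011, 6, 29, 9, 0)
WINDOW = timedelta(minutes=10)

def at(minutes):
    """Timestamp `minutes` after the start of the constructed sample."""
    return T0 + timedelta(minutes=minutes)

# Constructed sample detections: (timestamp, computer), sorted by time.
EVENTS = [
    (at(0), "PC-01"), (at(2), "PC-01"), (at(4), "PC-02"), (at(5), "PC-01"),
    (at(20), "PC-03"), (at(21), "PC-04"), (at(50), "PC-02"),
]

def outbreak_alerts(events, threshold, window, mode):
    """Return the times at which the modelled outbreak condition is met.

    mode 'any'      : total detections in the window, on any computers
    mode 'single'   : detections on the busiest single computer
    mode 'distinct' : number of different computers with a detection
    (assumed interpretation of the three occurrence types)
    """
    recent = deque()   # detections still inside the sliding window
    alerts = []
    for ts, computer in events:
        recent.append((ts, computer))
        while ts - recent[0][0] > window:   # drop detections that aged out
            recent.popleft()
        per_host = Counter(host for _, host in recent)
        if mode == "any":
            score = len(recent)
        elif mode == "single":
            score = max(per_host.values())
        elif mode == "distinct":
            score = len(per_host)
        else:
            raise ValueError(f"unknown occurrence type: {mode}")
        if score >= threshold:
            alerts.append(ts)
            recent.clear()   # assumed re-arm so one burst raises one alert
    return alerts

if __name__ == "__main__":
    for mode in ("any", "single", "distinct"):
        print(mode, outbreak_alerts(EVENTS, 3, WINDOW, mode))
```

With a threshold of 3 in 10 minutes, the "any" and "single" types fire on the repeated detections on PC-01, while "distinct" stays silent because no more than two different computers are affected within one window.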


Legacy ID: v32554298_v59371754

