What do the different Notification Conditions for email alerts mean?

Article:TECH91535  |  Created: 2008-01-23  |  Updated: 2011-05-10  |  Article URL http://www.symantec.com/docs/TECH91535
Article Type
Technical Solution


Issue



The behavior for each Notification Condition is unclear.


Solution



 

Pages 215-217 of the Administrator's Guide go into more detail about the specifics of each of these settings. That information is also reproduced below:
 
  •  Authentication failure
 
Logon failures trigger this type of notification. You set the number of logon
failures and the time period that you want to trigger a notification. Symantec
Endpoint Protection notifies you if the number of logon failures that occur
during the time period exceeds your setting. It reports the number of logon
failures that occurred.
 
  •  Client list change
 
Changes to the clients trigger this type of notification. The types of changes
that can trigger this notification include the addition, movement, name change,
or deletion of a client. Additional possibilities are that a client's Unmanaged
Detector status, client mode, or hardware changed.
 
  •  Client security alert
 
You can choose from compliance, Network Threat Protection, traffic, packet,
device control, and application control security events. You can also choose
the type and extent of the outbreak that should trigger this notification and
the time period. Types include occurrences on any computer, occurrences on
a single computer, or occurrences on distinct computers. Some of these types
require that you also enable logging in the associated policy.
 
  •  Enforcer down
 
An offline Enforcer appliance triggers this type of notification. The notification
tells you the name of each Enforcer, its group, and the time of its last status.
 
  •  Forced or Commercial application detected
 
The detection of an application on the Commercial Application List or on the
administrator's list of applications to watch for triggers this notification.
 
  •  New learned application
 
New learned applications trigger this type of notification.
 
  •  New risk detected
 
New risks trigger this type of notification.
 
  •  New software package
 
New software package downloads trigger this type of notification.
 
  •  Risk outbreak
 
You set the number and type of occurrences of new risks and the time period
that should trigger this type of notification. Types include occurrences on any
computer, occurrences on a single computer, or occurrences on distinct
computers.
 
  •  Server health
 
Server health statuses of offline, poor, or critical trigger this notification. The
notification lists the server name, health status, reason, and last status.
 
  •  Single risk event
 
The detection of a single risk event triggers this notification. The notification
lists a number of details about the risk, which includes the user and computer
involved, and the action that Symantec Endpoint Protection took.
 
  •  System event
 
System events such as server and Enforcer activities, replication failure, backup
and restore problems, and system errors trigger this notification. The
notification lists the number of such events that were detected.
 
  •  Unmanaged computer
 
Unmanaged computers trigger this notification. The notification lists details
such as the IP address, MAC address, and operating system for each computer.
 
  •  Virus definitions out-of-date
 
You define what out-of-date means when you set up the notification. You set the
number of computers and the age, in days, that those computers' definitions must
exceed to trigger this notification.
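
The three occurrence types listed under Client security alert and Risk outbreak can trigger at different times for the same events. The following is an added example, not Symantec's code: it assumes "any computer" means the total count, "single computer" the highest count on one computer, and "distinct computers" the number of computers affected, and that a condition fires when the count reaches the threshold. The events and the names window_counts and first_trigger are constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample detections: (timestamp, computer name). Not real log data.
EVENTS = [
    (datetime(2011, 5, 10, 9, 0), "PC-A"),
    (datetime(2011, 5, 10, 9, 5), "PC-B"),
    (datetime(2011, 5, 10, 9, 10), "PC-A"),
    (datetime(2011, 5, 10, 9, 20), "PC-A"),
    (datetime(2011, 5, 10, 9, 50), "PC-C"),
    (datetime(2011, 5, 10, 11, 30), "PC-D"),
]


def window_counts(events, end, period):
    """Count detections in the half-open window (end - period, end]."""
    hosts = Counter(host for ts, host in events if end - period < ts <= end)
    return {
        "any": sum(hosts.values()),                # total across all computers
        "single": max(hosts.values(), default=0),  # most detections on one computer
        "distinct": len(hosts),                    # computers with at least one detection
    }


def first_trigger(events, kind, threshold, period):
    """Return the time of the first detection at which the windowed count for
    `kind` reaches `threshold` (assumed comparison), or None if it never does."""
    for ts, _ in sorted(events):
        if window_counts(events, ts, period)[kind] >= threshold:
            return ts
    return None


if __name__ == "__main__":
    hour = timedelta(hours=1)
    for kind in ("any", "single", "distinct"):
        print(kind, first_trigger(EVENTS, kind, 3, hour))
```

With a threshold of 3 and a one-hour period, the same event stream satisfies the three types at three different times, which is why the type matters as much as the number when tuning these alerts.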

 



Legacy ID



2008122312010048

