
Email for Application Control Rules but NOT for Tamper Protection

Created: 13 Jun 2013 | 5 comments
diabolicus23's picture

I've enabled the notification for Application Control (with appropriate settings in the Rule and in the Notification Conditions).

Everything's working fine, but is it possible to receive only notifications related to Application Control Rules and not Tamper?

I underline that I want to maintain Tamper protection with Block and Logs enabled. I could not avoid the logging of the Tamper; I simply want to avoid the email notification.


Rafeeq's picture

I think if you enable the filter you will be able to get it. Have you tried it?

SEPM UI: (Monitors > Logs > Application and Device Control > Advanced > Event Type: Tamper Protection).

How to view Tamper Protection Logs

diabolicus23's picture

Via Monitor/Logs I'm able to view only Application Control Rules (that is exactly what I want).
The problem is that I need the email notifications of those events, but in Notification Conditions only Application Control is present, without the possibility to choose only "Rules".

.Brian's picture

Don't believe this is possible.

You can check the box for "Application Control events", which tamper protection falls under, but, unfortunately, tamper protection is not separated out. This explains why you get everything.

You can create an idea I suppose but as of now, you cannot get only Tamper Protection alerts via email.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

diabolicus23's picture

Thanks Brian, I've arrived at the same conclusion: not possible for now.

I've tried to use a rule in Outlook in order to automatically delete mail with "Tamper Protection" in the body and it works but... in 2 hours it has deleted something like 400 tamper emails (and I've received about 20 Application Rule emails) :-)

Excessive work for Exchange if I have to apply notifications to 10-15 administrators. For now, it seems that I cannot follow this way, so I will create an Idea :-)

It would be great if we could schedule not only reports but also Monitors/Logs exports via .csv.

.Brian's picture

Or even if you could aggregate them...

And yes, agreed on the csv as well. Other products are doing it so I would expect to see this and hopeful that it appears soon.
