Endpoint Protection

 View Only

  • 1.  Email Notifications on Tamper Protection Events

    Posted Apr 05, 2012 04:00 AM

    Howdy all,

    Does anyone know of a way to configure a SEPM Notification to be generated for Tamper Protection events?

    I can see these in a report, I can grab them out of the logs on the SEPM, but I can't seem to configure a Notification Condition to trigger on these events.

    Running SEP12.1RU1

    Ta!



  • 2.  RE: Email Notifications on Tamper Protection Events

    Broadcom Employee
    Posted Apr 05, 2012 04:15 AM

    i do not think you can configure email notification for tamper protection.



  • 3.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 05, 2012 04:25 AM

    ...I'm just hoping someone else out there has had such a request and has some input as to how this might be accomplished.

    At the very least, this thread will give me an notion of how much interest there would be in such a Notification Condition and if it's worth submitting as an Idea to you guys wink



  • 4.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 05, 2012 09:47 AM

    tamper protection doesn't have a trigger for itself, but you can make an E-mail notification for it with the Application Control trigger:

    Monitors > Notifications > Notification conditions > Client security alert > Application Control Events

    HTH!



  • 5.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 05, 2012 10:44 AM

    I did see that, but there didn't seem to be a way to restrict it to only notify on 'Major' events?



  • 6.  RE: Email Notifications on Tamper Protection Events

    Broadcom Employee
    Posted Apr 05, 2012 10:56 AM

    if im correct it's notification of Application settings configured in ADC policy..



  • 7.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 05, 2012 11:02 AM

    and oddly, that's also what you filter by to retrieve the Tamper Protection logs.  Strange innit?  Of all the places to put it...

    That being the case, the theory is that configuring notifications for the "Application Control" events may give me an email whenever a Tamper Protection event occurs, but it also means I'd get spammed by everything else "Application Control" related crying

    Sooo, it's a possible resoltuion but far from ideal.



  • 8.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 05, 2012 11:04 AM

    I did see that, but there didn't seem to be a way to restrict it to only notify on 'Major' events?

    If that means that it's not possible to separate Tamper protection notifications/E-mails from "common" Application Control notifications, I think you are right.

    If you launch your idea, I'll support it cool



  • 9.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 09, 2012 04:05 AM

    I agrere with Pete, There not any Notifcation for Tamper Protection. You can able to create the notifcation for ADC, Client Changing, Virus old Defintion and other attach in below snap.

     



  • 10.  RE: Email Notifications on Tamper Protection Events

    Posted Apr 10, 2012 06:53 AM

    New "Idea" incoming...