
New Risk Notification

Created: 28 Jan 2008 • Updated: 22 May 2010 | 9 comments
Didn't work for me.
 
In the monitors section under the Notifications tab I set up a new notification condition. I want the system to email me if any of my clients detect a new risk.
 
A trojan was detected and removed from a workstation over the weekend but I was not emailed.
What specific things must I do to the notification condition area to achieve this functionality?


GrahamA's picture
Did you also configure a mail server to deliver the email? This is one possible reason why it may not have worked so just double-checking. You'll need a valid working accessible mail server for the SEPM to connect to, to relay the email for you.
 
If you didn't configure the mail server yet, via the console, go to Admin > Servers > highlight the SEPM (represented by hostname) > properties > mail servers.

GrahamA Product Management, Symantec Security Solutions

Geddon's picture
Well, we put our info in there but we still don't receive any notifications.
 
Used a test string to test the antivirus, which worked. I can see the log in the SEPM but get no notification to my mailbox.
 
Any thoughts?
GrahamA's picture
From what you describe, it sounds like the issue is re the mail server accepting and relaying the email; at least this is where I would focus the troubleshooting. If you have a log on the mail server you could check it to see if any connection is accepted from the SEPM, and if no sign, then perhaps use Wireshark or some other network traffic analysis tool to ensure you see traffic coming from the SEPM on port 25 for SMTP to the mail server.
 
In general all you need to do is enter the mail server, specify email addresses as part of the notification and you're good to go.
 
I guess one more possible troubleshooting step would be to try pointing to another mail server, even one set up temporarily, to verify if it is an issue specifically with the actual mail server you're specifying.

GrahamA Product Management, Symantec Security Solutions
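
The check described in the reply above (does the mail server accept a connection from the SEPM host and agree to relay for the notification recipient) can be scripted. This is an added example, not part of the original thread or of any Symantec tooling; it assumes Python is available on the SEPM host, and the function name `probe_smtp_relay` and the EHLO name are hypothetical.

```python
import smtplib
import sys

# Hypothetical EHLO name; passing it avoids a DNS lookup of the local host.
PROBE_HELO = "sepm-probe.example"

def probe_smtp_relay(host, sender, recipient, port=25, timeout=10):
    """Walk the SMTP dialogue up to RCPT TO without sending a message.

    Returns (stage, code, text): the first stage the server refused, or
    ("OK", code, text) when the recipient was accepted for delivery.
    """
    smtp = smtplib.SMTP(local_hostname=PROBE_HELO, timeout=timeout)
    try:
        code, text = smtp.connect(host, port)   # TCP connect + 220 banner
    except (OSError, smtplib.SMTPException) as exc:
        return ("CONNECT", None, str(exc))      # firewall, wrong host/port
    try:
        if code != 220:
            return ("BANNER", code, text.decode(errors="replace"))
        steps = (
            ("EHLO", smtp.ehlo),
            ("MAIL FROM", lambda: smtp.mail(sender)),
            ("RCPT TO", lambda: smtp.rcpt(recipient)),  # relay decision
        )
        for stage, command in steps:
            code, text = command()
            if not 200 <= code < 300:
                return (stage, code, text.decode(errors="replace"))
        return ("OK", code, text.decode(errors="replace"))
    except (OSError, smtplib.SMTPException) as exc:
        return ("DISCONNECTED", None, str(exc))  # server dropped the session
    finally:
        try:
            smtp.quit()
        except (OSError, smtplib.SMTPException):
            smtp.close()

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: probe.py MAIL_SERVER SENDER RECIPIENT")
    stage, code, text = probe_smtp_relay(*sys.argv[1:4])
    print(f"stage={stage} code={code} text={text}")
```

A `CONNECT` result points at the network path or port 25 filtering, while a refusal at `RCPT TO` means the mail server is reachable but will not relay for the SEPM host.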

Geddon's picture
The problem was our SMTP server.
 
We've got it isolated and resolved now.

Thank you for the input.
diverdaveman's picture
I'm experiencing an issue with no emails received when a virus is detected. The email portion of the server works because I've created scheduled reports to run daily and they work fine. To test the email notifications, I created two new notifications - "New Risk Detected" and "Risk Outbreak". I pretty much left all the defaults. Then I went to the http://www.eicar.org/anti_virus_test_file.htm website to test a virus download. Symantec stopped the virus on my PC, but never sent our help desk the email. This was attempted several times with no email being delivered.
 
Thanks,
Dave
Squirre1 2's picture

I am seeing this exact same behavior... I got one notification after that, I am not getting any more... Additionally, it showed the notification on the server and I acknowledged it. But I am not seeing any more...

 

Anyone else having any issues with notifications...?

brav's picture

I get a notification every 30 mins or so advising that there's nothing to report.

 

Notification period is set to 5 hrs

Only set to include replication errors

 

:P

m00

qpass's picture

Dear Graham,

We have the same problem as his.

We have tested the connection from my SEP to the SMTP server with the telnet command. It is OK...

SMTP server replies..

Could you help me with this matter?

josudacorp's picture

I am not sure if this is the best place for this post; however, each day now for some reason in the morning when I come into work, there is always a message saying that action needs to be taken to view the risk logs for the virus, or spyware, etc. When I do, the only thing that I can see happened overnight is that the clients received an update to the definition files.

Is there a way to disable this? As for why it's saying there is a problem, when only definition files have been downloaded and installed, that is definitely not a problem, but on the employees' computers that this is happening on, it seems to keep growing, with more and more each day experiencing this pop-up each morning when they log on to the network...

Also, on one of the computers, the home page in Internet Explorer also keeps getting changed and I have to manually change it back. It sets it to Symantec for some reason at least once a week and then I have to go into IE and change it back. What would also cause this?

Thank you