Risk Event notification and SEPM inconsistency
Updated: 21 May 2010 | 2 comments
I have created a notification condition to notify me by email about new risk events. But when i get email notification and check in SEPM i didnt see any risk events there. Sometimes they show up after a while, sometimes no. Why and how can this be happening? I though SEPM should get a notification from client and then send a notification to admin. How can it be that this entry is not immediately written to SEPM itself to who on startpage?
discussion Filed Under:
Comments
First, in notification time
First, in notification time is shown in GMT not your local time. And second, there is damper time. So SEPM sends only one notification in defined time period. And if there was more risk detection another notification would be send after damper time is over.
So you should check "Event time" in notification then make adjustment to your local time and then you will get correct time of event.
Thanks about the GMT thing,
Thanks about the GMT thing, that adds +2 hours, but doesnt answer my question. The problem is not that i see some events in SEPM console and dont get email notifications in time. The problem is that i get notifications, but that events dont show up in SEPM console. Event notification is limited with information, so i want to check the details in SEPM, but i cant, because there is no such event on Action Summary by Detection Count page.
I see this in notification:
At least one security risk found:
Risk name: Trojan.Minit
Event time: 2009-03-04 05:54:09 GMT
Database insert time: 2009-03-04 06:46:53 GMT
+2 hours - 7:54 , 8:46, now it's 15:57 and SEPM show 0, if i go to Monitor and find that PC it doesnt show any infection.
Would you like to reply?
Login or Register to post your comment.