Hello... First time poster, long time troller.
I have done a fresh install of 11.0.6005.562. I have installed the Management on a server. I have created custom client installs which have been successfully deployed to clients. I have set the client policies for communications settings to pull @ heart beat 5 minutes.
Here is where the questions come into play:
I have configured the server to monitor and send out E-mail notifications. Currently, E-mails take 7+ minutes to be sent from the server to administration E-mail accounts. I have seen them take up to 30 minutes some times. What is the deal with this. Is it because of the heart beat? That still does not explain the extra 2+ minutes. Can someone please break this down so I can resolve this issue asap. (Symantec 8.X never had this delay issue) I also just noticed that one computer had about 7 different infected files... and all I got were 2 E-mails. All the files were quarantined...so why were only 2 E-mails sent and how do I allow it to send one e-mail per infected file.
The delayed E-mails I see in my inbox are something like this:
------------------------------
Message from:
Server name: servernamehere
Server IP: serveriphere
At least one security risk found:
Risk name: riskname
File path: c:\WINDOWS... Event time: ... GMT Database insert time: .... GMT
User: usernamehere
Computer: computernamehere
IP Address: ipaddresshere
Domain: Default
Server: servernamehere
Client Group: Groupnamehere Action taken on risk: whateverwasset
-----------------------------------
I want to customize the E-mails, but the Symantec reps keep telling me it is not possible. For example... I only want something basic that does not show database insertion time, server name, server ip address. It says that this notification would be triggered by any kind of scan.. but it does not show the scan type in the E-mail notification which is something I would like to be able to turn on or off. If there is some way to modify what is sent out to E-mail notification, please tell me how to do it.
Is it only Quarantined Items that trigger notification? For example, I have "new risk detected" and "single risk event" event triggers setup. Previously I had a policy where items would be attempted to be cleaned or otherwise deleted. Those items only showed up on the server. Only items that were quarantined would trigger a notification to be sent out. So what officially triggers E-mail alerts?