Endpoint Protection

 View Only

  • 1.  SEPM12: Notification options?

    Posted May 10, 2013 09:50 AM

    I was windering if there is a way to setup Notifications to include any of the following details?

    • Virus alerts which also include the hash of the suspect file.
    • Network Threat Protection email alerts which include the actual URL that was being blocked. The current email shows traffic to/from our proxy server is being blocked, but we need to review the SEPM log to see the actual address which caused the issue.

    Whenever we receive these types of alerts, we need to logon to the SEPM and extract these details from the logs. Is there a way to include these details in the alert emails?



  • 2.  RE: SEPM12: Notification options?

    Posted May 10, 2013 09:54 AM

    There is no ability to customise these alerts. What you see is what you get.

    Also, SEP is not proxy aware unfortunately so it will only show your proxy address as you have already seen.

     



  • 3.  RE: SEPM12: Notification options?

    Posted May 10, 2013 09:58 AM

    No, it is not possible to customize.



  • 4.  RE: SEPM12: Notification options?

    Posted May 10, 2013 10:01 AM

    You can try SQL query, the way it is done here

    https://www-secure.symantec.com/connect/forums/custom-report-sepm-121-sql-query

    But not sure if it would go that granular what you want.



  • 5.  RE: SEPM12: Notification options?

    Posted May 10, 2013 10:35 AM

    Embeded database dosenot support



  • 6.  RE: SEPM12: Notification options?

    Posted May 10, 2013 10:01 PM

    Right but we are not sure, yet if he is using embedded or SQL :)



  • 7.  RE: SEPM12: Notification options?

    Posted May 11, 2013 01:39 PM

    Hi

    As per your requirement you can schedule the report for virus detected but cannot have the hash value of the file

    Regards