I am trying to get the email notifications working when something is blocked when writing to a USB drive.
I have the policy set up to allow read-only access to USB drives, and that is working fine and everything is logged correctly, but I do not receive any email alerts for this. Other email alerts work fine: I can open the EICAR test file and I will get an alert. Also, our Citrix server creates Tamper alerts when it tries to adjust SEP process priorities, and those alerts come through fine.
Could it be that the USB alerts are minor and tamper alerts are major?
The notification is set up as CLIENT SECURITY ALERT
OCCURRENCES ON ANY COMPUTER
DEVICE AND APPLICATION CONTROL BOXES SELECTED
1 OCCURRENCE WITHIN 1 MINUTE
DAMPER: tried both AUTO and 20MIN