Endpoint Protection Small Business Edition

 View Only

  • 1.  Email notifications when USB blocked

    Posted Nov 18, 2010 11:59 AM

    I am trying to get the email notifications working when something is blocked when writing to a USB drive.

    I have the policy setup to allow read only access to usb drives and that is working fine and everything is logged correctly, but I do not receive any email alerts for this. Other email alerts work fine, I can open the Eicar test file and I will get an alert. Also, our Citrix server creates Tamper alerts when it tries to adjust SEP process priorities and those alerts come through fine.

     

    Could it be that the usb alerts are minor and tamper alerts are major?

     

    The notification is setup as CLIENT SECURITY ALERT

    OCCURENCES ON ANY COMPUTER

    DEVICE AND APPLICATION CONTROL BOXES SELECTED

    1 OCCURRENCE WITHIN 1 MINUTE

    DAMPER: tried both AUTO and 20MIN



  • 2.  RE: Email notifications when USB blocked

    Posted Nov 18, 2010 12:12 PM

    Is "Write the notification to database" option checked?



  • 3.  RE: Email notifications when USB blocked

    Posted Nov 18, 2010 02:36 PM

    Yes.

     

    Also, you probably already know this but don't the Tamper alerts come from the same Notification Condition as application/device control alerts?



  • 4.  RE: Email notifications when USB blocked

    Posted Nov 18, 2010 03:55 PM

    It appears that this does not work as you need. This feature was added to the "Ideas" section of Connect to possibly be added into a future release of SEP.

     

    https://www-secure.symantec.com/connect/idea/email-alert-usb-needed-following-facts