Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

No longer receiving e-mail alerts from SEP R11.5 Server

Migration User

Migration UserJan 22, 2010 06:41 PMBest Answer

Single Risk Event
Migration User

Migration UserApr 08, 2010 06:40 PM

does yur exchange have spa disabled?

  • 1.  No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 19, 2010 01:55 PM
    I am running SEP R11.5 on Windows server 2008. For some reason I stopped getting my e-mails alerts from the SEP server (I am not getting any kind of e-mail alerts). All my alerts were working perfectly and then all of the sudden they stop. I am still getting all my schedule reports e-mails, which leads me to believe my SMTP settings are fine (I also checked them).
    Any clues?
    Thanks in advance


  • 2.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 19, 2010 02:01 PM
    configure new  eicar alert
    and refer this doc check if you get any kind of alerts

    Symantec Endpoint Protection Manager: EICAR events don't send Email Notifications

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008040309460648
    we need to check if your previous alerts are not working, or all the alerts

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008031219333348


  • 3.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 19, 2010 03:10 PM
    Hi Rafeeq
    I deleted all the notifications and created one from scratch, I followed the instructions from your links and still no notifications. I am including screenshots for you to see.

    Damper should be "auto" correct?

    Thank you!

    1-19-2010 2-45-49 PM.jpg

    1-19-2010 2-44-51 PM.jpg

    1-19-2010 2-42-26 PM.jpg


  • 4.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 19, 2010 03:31 PM
    damper is amount of time interval, by default its 1 hourt
    is it possible that your mail server  might be rejecting these alert?


  • 5.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 19, 2010 03:59 PM
    I have several schedule reports, and they are all working perfectly (I get them via E-mail as well ). Do you still think it is possible the exchange server could be rejecting the alerts even though they come from the same source?

    Ray


  • 6.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 19, 2010 04:08 PM
    please check this

    The Symantec Endpoint Protection Manager cannot send email notifications to a SMTP
    server configured to require Secure Password Authentication. You will need to configure SEPM
    to use another mail server that does not require SPA or disable the requirement of SPA from
    your current email server.

    http://service1.symantec.com/support/ent-security....

    https://www-secure.symantec.com/connect/forums/no-notifications-no-email-notifications
     



  • 7.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 20, 2010 05:35 AM
    Hi dca2r,

    Make sure that there is no firewall or other component which blocks the $ character in email header information.  There's an issue which applies to RU5 on Windows 2008.  Details are in the following article:

    "Email sending failed. Invalid character ('$') in username" when sending Reports from Symantec Endpoint Protection Manager

    As your scheduled reports are getting through, though, I don't know if this applies.....

    You may wish to use Exchange's message tracking capabilities to see if you can identify the mails from the SEPM, and see if there are any log entries about actions taken on them.

    Thanks and best regards,

    Mick


  • 8.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 20, 2010 07:48 AM
    To check if the problem is with reporting server or not, try this.. create a test admin account in sepm and try to get an account lock out e-mail for that... also, try the same with an 'authentication failure' notification... if there is a problem, please get us the catalina.out from manager\Tomcat\Logs ... And as the gentleman says, check ur exchange queue...

    If this happens due to the reporting component files mismatch or corruption, a repair install of SEPM should take care... ;)

    Cheers,
    Visu.


  • 9.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 20, 2010 01:41 PM
    Hi all,
    Sorry for the delay, got kind of busy. Here is an update.
    I created 3 different kinds of alerts, Single risk event, New Risk event and Authentication failure
    The Single risk event and the Authentication failure worked fine, I get an E-mail from those but I am not getting an E-mail from the New Risk event yet, isn’t that odd?  I also repaired the SEPM as Visu310 suggested and nothing.


  • 10.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 20, 2010 01:53 PM
    Risks events
    are sent only once in a day ( I read it somewhere :) )
    remove single risk event and try  only new risk event, you should get it after sometime (24 or damper period)
    i think you should get after 24 hours..however I would love to see the results.


  • 11.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 20, 2010 03:17 PM
    It seems like your reporting component is absolutely fine...:) ... AFAIK, new risk detected is for threats picked up by PTP and not AVAS.... single risk event is the one which notifies for AVAS... correct me if am wrong.. :)

    Cheers,
    Visu.


  • 12.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 20, 2010 03:19 PM
    Ok, I will try that.. Just so you know, I get the e-mail from single risk event almost immediately. I have try about 7 times today and I get them every time.

    I will keep you informed.


  • 13.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 22, 2010 02:54 PM
    Hi all,
    It has been over 24 hours and I have not received any alerts. We know is not an exchange problem because I get other alerts (even though they have the “$” character) and we know reporting is working well, what else is there?
    I have added other e-mail addresses to see if it was just me, and they are not getting them either.
     


  • 14.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 22, 2010 03:21 PM
    The New Risk Alert will only ever fire once for any given virus.

    If you have ever had a New Risk Alert notification for a specific threat (Eicar for example) you will never get another for that specific threat.


  • 15.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Jan 22, 2010 04:14 PM
    Hi Jeremy,
    Let me see if I understand this. The New Risk Alert is a onetime deal? If that is the case, which alert will you recommend I use to notify me of any security risks more than once?


  • 16.  RE: No longer receiving e-mail alerts from SEP R11.5 Server
    Best Answer

    Posted Jan 22, 2010 06:41 PM
     Single Risk Event


  • 17.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Feb 05, 2010 08:34 AM
    Sorry it took me so long to reply, I just wanted to make sure the alerts were working properly, and they are. I guess what got me confused is the name of the alert. Thank you all for your assistance.
     


  • 18.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Apr 08, 2010 06:40 PM

    does yur exchange have spa disabled?


  • 19.  RE: No longer receiving e-mail alerts from SEP R11.5 Server

    Posted Apr 09, 2010 07:55 AM
    Hi drudnev,

    I do not manage or work with our xchange servers so can't tell you.

    Sorry