Thursday, February 20, 2014

How to configure Endpoint Protection Malware detection E-Mail Alerts

Within Endpoint Protection (SCEP) you get antivirus/antimalware functionality by adding the Endpoint Protection role. The SCEP agent can then be installed on systems through Client Settings. With antimalware policies you decide how the SCEP agent behaves and which exclusions to set. There is also a nice dashboard that gives a total overview of the malware detected. In this blog post I will explain how Malware detection E-Mail Alerts can be configured.

First, Email notification must be set up. This can be found in Administration > Sites > Configure Site Components > Email Notification. Enable the rule (Enable email notification for alerts), type in the FQDN or IP address of the SMTP server and the sender address, and click "Test SMTP Server". That way you know for sure that the site server can talk to the SMTP server before any alert depends on it.

After that, open the properties of the collection for which you want the E-Mail Alert. Choose Alerts and enable the rule (View this collection in the Endpoint Protection dashboard). Click Add and choose the four Endpoint Protection options: Malware detection, Malware outbreak, Repeated malware detection and Multiple malware detection. Leave the default settings for the other options (Alert name, Alert severity and Malware detection threshold).

When the above is done, go to the Monitoring tab, choose Alerts > Subscriptions, and click "Create subscription". Type in a Subscription name and Email address, and tick the same four Endpoint Protection options again: Malware detection, Malware outbreak, Repeated malware detection and Multiple malware detection. Everything is now configured, and a test is needed to see whether the E-Mail Alert is actually working.

Just create an EICAR test file (http://www.eicar.org/86-0-Intended-use.html) on a client and see what happens. If everything is done well, an E-Mail Alert will be received after a few minutes. In my case multiple E-Mail Alerts were received: Malware detection alert, Malware outbreak alert and Repeated malware detection alert. Hope it is clear this way how to configure Malware detection E-Mail Alerts.
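The two checks in this walkthrough, the "Test SMTP Server" step and the EICAR test, can also be scripted so they are repeatable after a change to the SMTP relay or the subscriptions. The following PowerShell is an added example and is not code from the original post or from Microsoft: the SMTP server, sender and recipient addresses, and the test directory are assumed placeholder values, and the last function assumes the ConfigurationManager module is loaded and the site drive is the current location on the site server. The alert property names (Name, AlertState, Severity, CreationTime) are assumed to match the SMS_Alert class the cmdlet returns.

```powershell
# Added example (not from the original post). Assumed values: the SMTP
# relay, the sender/recipient addresses and the test directory are
# placeholders; replace them with the ones configured under Email Notification.
param(
    [string]$SmtpServer = 'smtp.example.local',        # assumed placeholder
    [string]$From       = 'sccm-alerts@example.local', # assumed placeholder
    [string]$To         = 'secops@example.local',      # assumed placeholder
    [string]$TestDir    = 'C:\Temp\ScepAlertTest'      # assumed placeholder
)

# 1. Relay check: the same thing the "Test SMTP Server" button does.
#    Send-MailMessage throws if the relay is unreachable or refuses the sender.
function Test-AlertSmtpRelay {
    try {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
            -Subject 'SCEP alert relay check' `
            -Body 'If you can read this, the site server can reach the SMTP relay.' `
            -ErrorAction Stop
        Write-Host "SMTP relay $SmtpServer accepted the message."
        return $true
    } catch {
        Write-Warning "SMTP relay test failed: $($_.Exception.Message)"
        return $false
    }
}

# 2. Detection check: write the EICAR test string (harmless by design, recognised
#    by every AV vendor) so the SCEP agent raises a real detection event.
#    Single quotes stop PowerShell from expanding the '$' characters in it.
function New-EicarTestFile {
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    New-Item -ItemType Directory -Path $TestDir -Force | Out-Null
    $path = Join-Path $TestDir 'eicar.com'
    # ASCII, no BOM, no trailing newline: the 68-byte string must start the file.
    [System.IO.File]::WriteAllText($path, $eicar, [System.Text.Encoding]::ASCII)
    return $path
}

# 3. Confirmation on the site server: list the Endpoint Protection alerts that
#    are currently raised. Assumes the ConfigurationManager module is loaded and
#    the site drive (for example PS1:) is the current location.
function Get-EndpointProtectionAlert {
    Get-CMAlert | Where-Object { $_.Name -like '*alware*' } |
        Select-Object Name, AlertState, Severity, CreationTime   # assumed property names
}

if (Test-AlertSmtpRelay) {
    $dropped = New-EicarTestFile
    Write-Host "EICAR test file written to $dropped; wait a few minutes, then run Get-EndpointProtectionAlert on the site server."
}
```

Run the first two functions on a client that is managed by the SCEP agent and the third on the site server; if the relay test passes but no alert mail arrives, the problem is in the collection alert settings or the subscription rather than in SMTP.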

1 comment:

  1. Is there any way you can change the content of the emails to contain the severity?
