Customizing notifications to be more specific

Hi All,

In my work environment, there are times when our programmers need to disable real-time scanning on test machines in order to properly test the applications they are writing - mostly for performance reasons. However, my department (IT Infrastructure) is concerned that one of these days a programmer will forget to reenable real-time scanning. I have enabled notification by protection status and have set the priority to P1. Now I get notifications when one of the programmers disables real-time scanning, and I can keep track in order to make sure it is reenabled. The problem is that I also get other protection status-related notifications, such as virus definitions out of date, O/S not up to date, etc.

What I am looking for is a way to be more specific in the protection status notification. I need to know only when real-time scanning has been disabled by a user. Does anyone know how to be more specific in the notification rules? Any help would be appreciated.
Thanks.

 

Which trigger are you using, Protection Status Any Warnings or Protection Status Critical Warnings? However, I don't which warnings are considered "critical" but maybe someone else has tested the difference between the two and can provide a list.

 

Thanks for the reply. I originally had it set for both: any warnings & critical warnings, which seemed redundant to me, since any warnings should include critical ones too, but I tested it anyway. I kept getting all of the warnings associated with protection status. Next, I removed any warnings and left only critical warnings but I still get things like OS out of date, or virus definition not updated. What I need is a way to trigger ONLY when real-time scan is disabled.

I also looked at the Error in server text log notification rule but, glancing at the server log, it appears that it only reports that a notification event took place - no details as to what client triggered it. As I said, I've only looked at this option but I haven't tested it yet.