Can the ESET server (ERAS) send threat alert emails?

Discussion in 'ESET Server & Remote Administrator' started by Reedmikel, Mar 3, 2012.

Thread Status:
Not open for further replies.
  1. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    I am a MSP using NOD32 4.2 Bus Ed. Is there a way to configure my ESET server (ERAS) to send an email for every threat that NOD32 clients encounter? I see the policy settings that allow you to configure the NOD32 client machines to send emails, but I am not sure where to find similar policy setting to have ERAS send the email alerts/notifications.

    Using Policy manager, I tried entering my SMTP settings under Remote Administrator->ERA Server->Setup->Other Settings, as well as a Default email address for notifications (under Notification). But I did not get any email from ERAS when I simulated a virus using EICAR files. I did get one from the client machine, but nothing from ERAS.

    Why do I want the email to be sent by ERAS? 1) best-practices these days is to not allow SMTP traffic on workstations 2) I do not want to rely on an infected machine being able to send out emails 3) I do not have to configure different SMTP settings for each customer site if ERAS sends the emails

    TIA,

    -Mike
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I presume it's not possible with ERA4. As of ERA5, you can create a notification rule "New threat log".
     
  3. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Sounds like you are not sure. Maybe can you research my question with your developers? Unfortunately, since very few policy settings are documented it's impossible for users to figure these things out without getting the developers involved :( What is the point of developing software with hundreds of policy settings, but little or no documentation that describes them?
     
  4. ocnjkayak

    ocnjkayak Registered Member

    Joined:
    Jun 28, 2011
    Posts:
    4
    Does anyone have an answer for this? I would like to know myself how to have notifications sent from the ERA server instead of directly from clients.

    Thanks!
     
  5. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    It's hard sometimes to get answers related to the Business Edition in this forum. I was told this is really more of a forum for the home version. Hopefully some day they add a separate forum just for the Business Edition and add staff that know it inside and out...
     
  6. bigQ

    bigQ Registered Member

    Joined:
    Sep 20, 2007
    Posts:
    2
    You can set up ERA to e-mail notifications out through notification manager. If you go to tools>> notification manager and create a new rule. Then set the clients to not send out an email but it will be logged in the "Threat log" and kick off an e-mail based on the parameters you set in the rule.
     
  7. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    The Notification Manager sort of works, but is limited in what it can alert you about. In my case I wanted to get an email alert on *any* threat, whether ESET could clean it or not. But it can't do that :( As a Managed Service Provider, I want to be able to spot malware trends quickly, so it's important that I be alerted to all threats. I might not look at each alert's email, but if I started seeing a significant increase in the number of alerts I would delve right into it. I get the sense that the Business Edition is a somewhat new product, and still has a lot of maturing to do...

     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's possible, look at the email I got from ERAS:

    1, Test / Test, 2012-04-17 09:10:15 , TEST\Administrator, Real-time file system protection, Warning, file, C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\VMwareDnD\25e0066a\eicar.com, Eicar test file, cleaned by deleting - quarantined, Event occurred on a new file created by the application: C:\Program Files\VMware\VMware Tools\VMwareUser.exe.

    Check what log level you have set in the Parameters field and try setting it to "Level 3 - Above + Normal" if you want to be notified about threats that were cleaned successfully as well.
     
  9. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Hi Marcos,
    In your reply on 3/4, you said you thought it wasn't possible. Glad you figured it out for all of us - thanks! I'll give it a try...

    -Mike
     
  10. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Marcos - could you give us a screen shot of the notification rule you used? I am trying to figure out whether you modified a pre-defined rule or created a new one, and exactly what the parameters are that you used.

    Thanks!
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Here you go, hope it helps:
     

    Attached Files:

  12. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Marcos - thanks for the quick screen shot! BUT, I do not have a choice of Received Threat Log in the Trigger Type drop down list on my ERAC. The only choices listed are: Client State, Server State, Finished Task Event, New Client Event and New Log Event.

    I am using the NOD32 Business Edition. The ERAC version is 4.0.138. Maybe v5 (which has only been released in the home version) has a Notification Manager and you are using that? Or, my ERAC version is old?
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Yes, this new kind of notifications was added in ERA5 as I mentioned in my 2nd post in this thread.
     
  14. Reedmikel

    Reedmikel Registered Member

    Joined:
    Dec 30, 2011
    Posts:
    185
    Is ERA5 available for the Business Edition of NOD32? I thought my ERAC is up to date, but maybe version 5 is now out for the Bus Ed? I had mentioned that I was using the Bus Ed in my original post that started this thread...

     
  15. ghaffaria

    ghaffaria Registered Member

    Joined:
    Jan 10, 2010
    Posts:
    1
    Hi,
    Can ESET send a report automatically every month?
    I try do that with this instruction:

    "How do I set up ESET Remote Administrator Server to send email reports and notifications? (4.x) "

    and I have ESET Endpoint Antivirus 5 with 55 user...

    I follow that instruction but i saw this message every time: http://ghaffaria.persiangig.com/image/1.JPG
    http://ghaffaria.persiangig.com/image/2.JPG

    I Filled that form and I Saw this message and I didn't fill that form I saw this box too.

    http://ghaffaria.persiangig.com/image/3.JPG


    so what should I Do?
     
Thread Status:
Not open for further replies.