Customizing notifications to be more specific

Discussion in 'ESET Server & Remote Administrator' started by fstone35, Mar 7, 2013.

Thread Status:
Not open for further replies.
  1. fstone35

    fstone35 Registered Member

    Hi All,

    In my work environment, there are times when our programmers need to disable real-time scanning on test machines in order to properly test the applications they are writing - mostly for performance reasons. However, my department (IT Infrastructure) is concerned that one of these days a programmer will forget to reenable real-time scanning. I have enabled notification by protection status and have set the priority to P1. Now I get notifications when one of the programmers disables real-time scanning, and I can keep track in order to make sure it is reenabled. The problem is that I also get other protection status-related notifications, such as virus definitions out of date, O/S not up to date, etc.

    What I am looking for is a way to be more specific in the protection status notification. I need to know only when real-time scanning has been disabled by a user. Does anyone know how to be more specific in the notification rules? Any help would be appreciated.
    Thanks.
     
  2. foneil

    foneil Eset Staff Account

    Which trigger are you using, Protection Status Any Warnings or Protection Status Critical Warnings? However, I don't know which warnings are considered "critical", but maybe someone else has tested the difference between the two and can provide a list.
     
  3. fstone35

    fstone35 Registered Member

    Thanks for the reply. I originally had it set for both: any warnings & critical warnings, which seemed redundant to me, since any warnings should include critical ones too, but I tested it anyway. I kept getting all of the warnings associated with protection status. Next, I removed any warnings and left only critical warnings but I still get things like OS out of date, or virus definition not updated. What I need is a way to trigger ONLY when real-time scan is disabled.

    I also looked at the Error in server text log notification rule but, glancing at the server log, it appears that it only reports that a notification event took place - no details as to what client triggered it. As I said, I've only looked at this option but I haven't tested it yet.
     