disappointed w/ notifications

Discussion in 'ESET NOD32 Antivirus' started by aluminex, Dec 18, 2009.

Thread Status:
Not open for further replies.
  1. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I am somewhat disappointed so far with the notification system.

    method 1
    I can setup email alerts directly from the client when there is a threat or event alert warning.

    This option works great until I receive 200 emails because one Trojan on one machine keeps recreating itself and getting caught by the real-time scanner.


    method 2
    setting up a notification per hour based on last threats

    This option would be great if it would only pull the actual "last threats" instead of every last threat from my entire log, which consists of an entire year's worth of data. I really don't need to know if clientA had a threat 3 months ago.




    Is there a way to receive 1 notification when someone has a threat? I address said threat and all is well... if this isn't something that can be done, then is there anything I can do about receiving 200 emails from one client? I am getting emails every single minute, and when I use notification manager I get emails once per hour, but I get threats that aren't even threats any longer.
     
  2. RyanW

    RyanW Registered Member

    Joined:
    Nov 9, 2009
    Posts:
    77
    Throttle the method 1 notification to once every 2/4/6/8/10/12/24 hours?

    My virus notification is set up as so:

    Trigger Type: New Log Event
    Priority: P1
    Throttle: Not Used (the throttle is controlled by 5 occurrences in 60 minutes here)
    Threat Log Level 4: 5 occurrences in 60 minutes for >= 1 computers.
     
  3. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello,

    Which Notification rule are you using? If you use the possible virus outbreak rule, it should not show previous messages at all. It sounds like you are sending reports, which does compile all the data for a period of time.
     
  4. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I made a new rule... it's entirely possible I have this all set up incorrectly...

    trigger type: client state
    priority: p1
    parameters: Amount >= 1 of filtered clients; Problem condition (Has Last Threat Event)
     
  5. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    I am trying a new client log rule now to see if that works for me...
     
  6. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    I have used a modified Possible virus outbreak rule and just modified it to:

    Threat Log;
    Level 4 - Above + Diagnostic;
    1 occurrences in 10 Minutes, Amount >= 1 of filtered clients

    I set this up just for testing and then used the eicar test file. For my testing, it collected all the notifications and sent them after the 10 minutes were up and then not again after that unless there was a new one. I would suggest using a similar method.
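    To make the difference between the two approaches concrete, here is an added simulation (not ESET's code, and not part of this thread) of per-detection mailing versus a fixed-window rule like the one above, using a constructed threat log in which one client re-detects the same Trojan every minute. The window must divide 60 minutes; the client and threat names are placeholders.

```python
from collections import Counter
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Tuple

Event = Tuple[datetime, str, str]  # (timestamp, client name, threat name)


def sample_events() -> List[Event]:
    """Constructed threat-log sample (not real data): client-A keeps re-detecting
    the same Trojan once a minute for 30 minutes, client-B has a single EICAR hit."""
    t0 = datetime(2009, 12, 18, 9, 0)
    events = [(t0 + timedelta(minutes=i), "client-A", "Win32/Sample.Trojan") for i in range(30)]
    events.append((t0 + timedelta(minutes=5), "client-B", "Eicar test file"))
    return events


def per_event_mail_count(events: Iterable[Event]) -> int:
    """Method 1 from the thread: one mail per detection, so a recreating Trojan floods the inbox."""
    return sum(1 for _ in events)


def window_notifications(events: Iterable[Event], window_minutes: int = 10,
                         min_occurrences: int = 1, min_clients: int = 1) -> List[dict]:
    """Bucket events into fixed windows aligned to the hour and emit at most one
    notification per window, in the spirit of 'N occurrences in M minutes, Amount >= K clients'.
    A window with no new events produces nothing, so old log entries never resurface.
    Assumes window_minutes divides 60."""
    buckets: Dict[datetime, List[Event]] = {}
    for ts, client, threat in sorted(events):
        start = ts.replace(minute=(ts.minute // window_minutes) * window_minutes,
                           second=0, microsecond=0)
        buckets.setdefault(start, []).append((ts, client, threat))
    notifications = []
    for start in sorted(buckets):
        hits = buckets[start]
        clients = {c for _, c, _ in hits}
        if len(hits) >= min_occurrences and len(clients) >= min_clients:
            notifications.append({
                "window_start": start,
                "window_end": start + timedelta(minutes=window_minutes),
                "occurrences": len(hits),
                "clients": sorted(clients),
                # distinct (client, threat) pairs with counts, so the body names each threat once
                "detections": sorted(Counter((c, t) for _, c, t in hits).items()),
            })
    return notifications


if __name__ == "__main__":
    evs = sample_events()
    print("per-detection mails:", per_event_mail_count(evs))
    for n in window_notifications(evs):
        print(n["window_start"].strftime("%H:%M"), n["occurrences"], "hits", n["detections"])
```

    On the sample log this yields 31 individual mails but only 3 windowed notifications, and raising the client threshold to 2 leaves just the window in which both clients reported.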
     
  7. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    Is there any way for the notification to provide more data? I am using this as a means of documentation and it doesn't say anything about the threat ID or the actual type of threat, etc.
     
  8. RyanW

    RyanW Registered Member

    Joined:
    Nov 9, 2009
    Posts:
    77
    Click "show me options" next to the message box to see available options?

    There might be more documented on kb.eset.com?


    Aren't you keeping the ERAS data for 12 months on the server? (other thread). Isn't that enough documentation?
     
  9. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143

    I have to document and address every threat and warning event. This typically means either making some type of template, cutting and pasting each threat, and forwarding that threat to the appropriate department, in this case probably our desktop support people, for a resolution, then processing the returned document after they have a resolution.

    It is much easier for me to simply forward an email each time and keep up with the responses instead of other types of documentation.
     
  10. aluminex

    aluminex Registered Member

    Joined:
    Oct 13, 2009
    Posts:
    143
    Is it possible to include the Threat or Event ID in the subject header or in the message itself?
     
  11. RyanW

    RyanW Registered Member

    Joined:
    Nov 9, 2009
    Posts:
    77
    I don't think so at present. You may want to check out ERAS/ERAC 4 beta (posted in 'other eset products' forum). AFAIK the first public beta was released Friday?

    Perhaps it's more robust.
     