I only want threat emails!

What settings need to be applied for me to receive only threat emails from clients. I don't want to receive event notifications such as. %computername% did not update successfully etc...

For instance,

I would like the clients to send me an email with the following information.



(a) There is a threat.

(b) The type of threat, object, etc...

(c) action taken

 

Have you tried bumping up the minimum verbosity setting for the notifications? Cranking that up to Critical Warnings should do what you want.

 

Thank you for your reply. I was wondering if it is possible to trigger this alert somehow without actually having a threat obviously... but being able to trigger it for testing before rollout would be nice.

 

Have you tried downloading EICAR on a client PC? EICAR is a file that is harmless but most AV detect it as a virus for the purposes of testing and demonstration.

www.eicar.org - top right "Anti Malware Test file". Read the page and the links are near the bottom.

 

Smacky, if I am not mistaken this will also tell me every time someone can't connect to the server or if a AV program fails correct?

 

I believe critical warnings include threats that cannot be automatically cleaned, portions of the scanning kernel being disabled/compromised. Basically, things that require manual intervention. Unfortunately, I'm not turning up anything in the KB or documentation that is giving a definite definition on what is included in each of the alerting levels. Maybe a mod or something can clarify on that.

 

Based on my threat logs the cleaned after next restart is only a warning. Is there a way to customize these perhaps?

 

I did and it worked great. Thank you!

 

If you want clients to email you then do the following in Policy manager in the ESET Remote Administrator Console.

Select the + next to Alerts and Notfications


Change your Minimum Verbosity for notifications: Critical Errors...

Anything that does get mixed with Virus information alerts will be things like ESET Antivirus module not loading leaving the computer undetected which could be a sign of infection or something that DOES need to be addressed.

 

This doesn't pick up any action taken that was "cleaned after next restart"