Instant email notification on virus found

Hi. I'm new to NOD32, I've always been a Symantec guy, so some things seem totally different.

I have installed a few test clients and server with console, everything latest versions. With Symantec corporate I had setup email notifications to me on any threat found. But there the chain was like this:

client detects threat
immediately sends notification to server (not with email, but using symantec's internal protocol via specific port)
server generates email with client name and threat name.

Now in NOD32 environment I don't know where to start. Is the client-server connection interval always fixed, even when the threat is found? Do I configure the notification event in server, or push as a policy to clients, and each client notifies me directly? The last option doesn't seem very good, I have some clients which have all outgoing ports blocked, except http.

 

Hello,

Hopefully I can clear things up for you. Since you are new to ESET first let me say welcome. To get you started here is a copy of our basic setup guide for a business environment.

The check in intervals of the ESET clients is certainly adjustable. I typically set the check in time for my clients in two places. In the installation package I like to set the check in interval to 0. This way I do not have to wait for the client to start trying to check in after a push install. Then in my policy for the clients, I set the check in interval to the desired length. Default is 10 minutes.

In my opinion the best option in receiving notifications is to use our centralized Notification Manager that is built into the ESET Remote Administrator.

 

You also can setup the client, to instantly send an email if infection was found or an error was detected. (Works also, if the ERAS is down)

 

Could someone show the exact config in notification manager? I tried "client state" + Problem condition (Has Last Threat Event OR Last Scan Found Threat), and "new log event" + Threat Log; Level 2 - Above + Warning. Neither worked. I can see the threats in console in threat log, but in client overview the column "Last threat alert" is empty.

 

Oh, the second trigger worked, but with a delay of 10 minutes, because you cannot set less in occurence options. These options probably are useful if you have hundreds of clients, but not for me

Now how to include threat name, or even path in message? Also, the %CLIENT_LIST% variable is no good, as it shows server's name, not the client, where threat occured.