Outbreak_Criteria_and_Notifications
Define an outbreak by the number of security risk detections and the detection period. After defining the outbreak criteria, configure OfficeScan to notify you and other OfficeScan administrators of an outbreak so you can respond immediately.
You can receive notifications through:
Configure administrator notification settings to allow OfficeScan to successfully send notifications through email, pager, and SNMP Trap. For details, see Administrator Notification Settings.
To configure the outbreak criteria and notifications:
Notifications > Administrator Notifications > Outbreak Notifications
Notifications > Administrator Notifications > Outbreak Notifications > Shared Folder Session link
In the Criteria tab, specify the number of detections and detection period for each security risk.
Trend Micro recommends accepting the default values in this screen.
OfficeScan sends a notification message when the number of detections is exceeded. For example, if you specify 100, OfficeScan sends the notification after it detects the 101st instance of a virus/malware.
Enable OfficeScan to monitor the network for firewall violations and shared folder sessions. Under Shared Folder Sessions, click the number link to view the computers with shared folders and the computers accessing the shared folders.
In the Email, Pager, SNMP Trap, and NT Event Log tabs:
Enable notifications for virus/malware and spyware/grayware detections.
OfficeScan only reports firewall violation and shared folder session outbreaks through email.
For email notifications, specify the email recipients and accept or modify the default email subject. Optionally select additional virus/malware and spyware/grayware information to include in the email. You can include the client/domain name, security risk name, date and time of detection, path and infected file, and scan result.
Accept or modify the default notification messages.
Use token variables to represent data in the Message and Subject fields.
|
Token variables for outbreak notifications |
|
Variable |
Description |
|
Virus/Malware outbreaks |
|
|
%CV |
Total number of viruses/malware detected |
|
%CC |
Total number of computers with virus/malware |
|
Spyware/Grayware outbreaks |
|
|
%CV |
Total number of spyware/grayware detected |
|
%CC |
Total number of computers with spyware/grayware |
|
Firewall violation outbreaks |
|
|
%A |
Log type exceeded |
|
%C |
Number of firewall violation logs |
|
%T |
Time period when firewall violation logs accumulated |
|
Shared folder session outbreaks |
|
|
%S |
Number of shared folder sessions |
|
%T |
Time period when shared folder sessions accumulated |
|
%M |
Time period, in minutes |
Click Save.
See also: