Outbreak Criteria and Notifications

Define an outbreak by the number of security risk detections and the detection period. After defining the outbreak criteria, configure OfficeScan to notify you and other OfficeScan administrators of an outbreak so you can respond immediately.

You can receive notifications through:

Configure administrator notification settings to allow OfficeScan to successfully send notifications through email, pager, and SNMP Trap. For details, see Administrator Notification Settings.

  1. In the Criteria tab, specify the number of detections and detection period for each security risk.

  2. OfficeScan sends a notification message when the number of detections is exceeded. For example, if you specify 100, OfficeScan sends the notification after it detects the 101st instance of a virus/malware.

  3. Enable OfficeScan to monitor the network for firewall violations and shared folder sessions. Under Shared Folder Sessions, click the number link to view the computers with shared folders and the computers accessing the shared folders.

  4. In the Email, Pager, SNMP Trap, and NT Event Log tabs:

    1. Enable notifications for virus/malware and spyware/grayware detections.

    2. For email notifications, specify the email recipients and accept or modify the default email subject. Optionally select additional virus/malware and spyware/grayware information to include in the email. You can include the client/domain name, security risk name, date and time of detection, path and infected file, and scan result.

    3. Accept or modify the default notification messages.

    4. Use token variables to represent data in the Message and Subject fields.

      Token variables for outbreak notifications

      | Outbreak type | Variable | Description |
      |---|---|---|
      | Virus/Malware outbreaks | %CV | Total number of viruses/malware detected |
      | Virus/Malware outbreaks | %CC | Total number of computers with virus/malware |
      | Spyware/Grayware outbreaks | %CV | Total number of spyware/grayware detected |
      | Spyware/Grayware outbreaks | %CC | Total number of computers with spyware/grayware |
      | Firewall violation outbreaks | %A | Log type exceeded |
      | Firewall violation outbreaks | %C | Number of firewall violation logs |
      | Firewall violation outbreaks | %T | Time period when firewall violation logs accumulated |
      | Shared folder session outbreaks | %S | Number of shared folder sessions |
      | Shared folder session outbreaks | %T | Time period when shared folder sessions accumulated |
      | Shared folder session outbreaks | %M | Time period, in minutes |

  5. Click Save.
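
The threshold and token behavior described in the steps above, as an added Python example (not OfficeScan code). It assumes the detection period is a sliding window and that %CV and %CC are counted inside that window; the function names, template text, and sample detections are constructed for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed message template using the virus/malware tokens from the table.
TEMPLATE = "Outbreak: %CV virus/malware detections on %CC computers"

def render(template, values):
    """Replace token variables, trying longer tokens first so that
    %CC and %CV are never consumed as %C plus a stray letter."""
    tokens = sorted(values, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(t) for t in tokens))
    return pattern.sub(lambda m: str(values[m.group(0)]), template)

def first_outbreak(detections, threshold, period):
    """Return (time, message) for the first detection that pushes the count
    inside the detection period above the threshold, or None.
    detections: (datetime, computer) pairs sorted by time.
    Assumption: the period is a sliding window ending at each detection."""
    window = deque()
    for when, computer in detections:
        window.append((when, computer))
        # Drop detections that have aged out of the detection period.
        while window[0][0] <= when - period:
            window.popleft()
        if len(window) > threshold:  # exceeded, not merely reached
            values = {"%CV": len(window),
                      "%CC": len({c for _, c in window})}
            return when, render(TEMPLATE, values)
    return None

# Constructed sample data: four detections, ten minutes apart.
BASE = datetime(2024, 1, 1, 9, 0)
BURST = [(BASE + timedelta(minutes=10 * i), pc)
         for i, pc in enumerate(["PC-01", "PC-02", "PC-01", "PC-03"])]

if __name__ == "__main__":
    # Threshold 3 within 1 hour: the 4th detection triggers the notification.
    print(first_outbreak(BURST, 3, timedelta(hours=1)))
    # Only three detections: the threshold is reached but not exceeded.
    print(first_outbreak(BURST[:3], 3, timedelta(hours=1)))
```

The same rule scales to the page's example: with a threshold of 100, nothing is returned until the 101st detection falls inside the period.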