outcrinot
Configure OfficeScan to send you and other OfficeScan administrators a notification when the following events occur:
Virus/Malware outbreak
Spyware/Grayware outbreak
Shared folder session outbreak
Define an outbreak by the number of detections and the detection period. An outbreak is triggered when the number of detections within the detection period is exceeded.
OfficeScan comes with a set of default notification messages that inform you and other OfficeScan administrators of an outbreak. You can modify the notifications and configure additional notification settings to suit your requirements.
OfficeScan can send security risk outbreak notifications through email, pager, SNMP trap, and Windows NT Event logs. For shared folder session outbreaks, OfficeScan sends notifications through email. Configure settings when OfficeScan sends notifications through these channels. For details, see Administrator Notification Settings.
To configure the security risk outbreak criteria and notifications:
Notifications > Administrator Notifications > Outbreak Notifications
In the Criteria tab:
Go to the Virus/Malware and Spyware/Grayware sections:
Specify the number of unique sources of detections.
Specify the number of detections and the detection period for each security risk.
Trend Micro recommends accepting the default values in this screen.
OfficeScan sends a notification message when the number of detections is exceeded. For example, under the Virus/Malware section, if you specify 10 unique sources, 100 detections, and a time period of 5 hours, OfficeScan sends the notification when 10 different endpoints have reported a total of 101 security risks within a 5-hour period. If all instances are detected on only one endpoint within a 5-hour period, OfficeScan does not send the notification.
In the Criteria tab:
Go to the Shared Folder Sessions section.
Select Monitor shared folder sessions on your network.
In Shared folder sessions recorded, click the number link to view the computers with shared folders and the computers accessing the shared folders.
Specify the number of shared folder sessions and the detection period.
OfficeScan sends a notification message when the number of shared folder sessions is exceeded.
In the Email tab:
Go to the Virus/Malware Outbreaks, Spyware/Grayware Outbreaks, and Shared Folder Session Outbreaks sections.
Select Enable notification via email.
Specify the email recipients.
Accept or modify the default email subject and message. You can use token variables to represent data in the Subject and Message fields.
Variable |
Description |
Virus/Malware outbreaks |
|
%CV |
Total number of viruses/malware detected |
%CC |
Total number of computers with virus/malware |
Spyware/Grayware outbreaks |
|
%CV |
Total number of spyware/grayware detected |
%CC |
Total number of computers with spyware/grayware |
Shared folder session outbreaks |
|
%S |
Number of shared folder sessions |
%T |
Time period when shared folder sessions accumulated |
%M |
Time period, in minutes |
Select additional virus/malware and spyware/grayware information to include in the email. You can include the client/domain name, security risk name, date and time of detection, path and infected file, and scan result.
Accept or modify the default notification messages.
In the Pager tab:
Go to the Virus/Malware Outbreaks and Spyware/Grayware Outbreaks sections.
Select Enable notification via pager.
Type the message.
In the SNMP Trap tab:
Go to the Virus/Malware Outbreaks and Spyware/Grayware Outbreaks sections.
Select Enable notification via SNMP trap.
Accept or modify the default message. You can use token variables to represent data in the Message field. See Token Variables for Security Risk Outbreak Notifications for details.
In the NT Event Log tab:
Go to the Virus/Malware Outbreaks and Spyware/Grayware Outbreaks sections.
Select Enable notification via NT Event Log.
Accept or modify the default message. You can use token variables to represent data in the Message field. See Token Variables for Security Risk Outbreak Notifications for details.
Click Save.
See also: