Configuring Security Risk Notifications for Administrators

  1. Go to Administration > Notifications > Administrator.
  2. In the Criteria tab:
    1. Go to the Virus/Malware and Spyware/Grayware sections.
    2. Specify whether to send notifications when OfficeScan detects virus/malware and spyware/grayware, or only when the action on these security risks is unsuccessful.
  3. In the Email tab:
    1. Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
    2. Select Enable notification via email.
    3. Select Send notifications to users with agent tree domain permissions.

      You can use Role-based Administration to grant agent tree domain permissions to users. If a detection occurs on any OfficeScan agent belonging to a specific domain, the email will be sent to the email addresses of the users with domain permissions. See the following table for examples:

      Table 1. Agent Tree Domains and Permissions

      | Agent Tree Domain | Roles with Domain Permissions | User Account with the Role | Email Address for the User Account |
      |---|---|---|---|
      | Domain A | Administrator (built-in) | root | mary@xyz.com |
      | Domain A | Role_01 | admin_john | john@xyz.com |
      | Domain A | Role_01 | admin_chris | chris@xyz.com |
      | Domain B | Administrator (built-in) | root | mary@xyz.com |
      | Domain B | Role_02 | admin_jane | jane@xyz.com |

      If any OfficeScan agent belonging to Domain A detects a virus, the email will be sent to mary@xyz.com, john@xyz.com, and chris@xyz.com.

      If any OfficeScan agent belonging to Domain B detects spyware, the email will be sent to mary@xyz.com and jane@xyz.com.

      Note: If you enable this option, all users with domain permissions must have a corresponding email address. The email notification will not be sent to users without an email address. Users and email addresses are configured from Administration > Account Management > User Accounts.

    4. Select Send notifications to the following email address(es) and then type the email addresses.
    5. Accept or modify the default subject and message. You can use token variables to represent data in the Subject and Message fields.
      Table 2. Token Variables for Security Risk Notifications

      | Variable | Description |
      |---|---|
      | Virus/Malware detections | |
      | %v | Virus/Malware name |
      | %s | Endpoint with virus/malware |
      | %i | IP address of the endpoint |
      | %c | MAC address of the endpoint |
      | %m | Domain of the endpoint |
      | %p | Location of virus/malware |
      | %y | Date and time of virus/malware detection |
      | %e | Virus Scan Engine version |
      | %r | Virus Pattern version |
      | %a | Action performed on the security risk |
      | %n | Name of the user logged on to the infected endpoint |
      | Spyware/Grayware detections | |
      | %s | Endpoint with spyware/grayware |
      | %i | IP address of the endpoint |
      | %m | Domain of the endpoint |
      | %y | Date and time of spyware/grayware detection |
      | %n | Name of the user logged on to the endpoint at the time of detection |
      | %T | Spyware/Grayware and scan result |

  4. In the SNMP Trap tab:
    1. Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
    2. Select Enable notification via SNMP trap.
    3. Accept or modify the default message. You can use token variables in the following table to represent data in the Message field.
      Table 3. Token Variables for Security Risk Notifications

      | Variable | Description |
      |---|---|
      | Virus/Malware detections | |
      | %v | Virus/Malware name |
      | %s | Endpoint with virus/malware |
      | %i | IP address of the endpoint |
      | %c | MAC address of the endpoint |
      | %m | Domain of the endpoint |
      | %p | Location of virus/malware |
      | %y | Date and time of virus/malware detection |
      | %e | Virus Scan Engine version |
      | %r | Virus Pattern version |
      | %a | Action performed on the security risk |
      | %n | Name of the user logged on to the infected endpoint |
      | Spyware/Grayware detections | |
      | %s | Endpoint with spyware/grayware |
      | %i | IP address of the endpoint |
      | %m | Domain of the endpoint |
      | %y | Date and time of spyware/grayware detection |
      | %n | Name of the user logged on to the endpoint at the time of detection |
      | %T | Spyware/Grayware and scan result |
      | %v | Spyware/Grayware name |
      | %a | Action performed on the security risk |

  5. In the NT Event Log tab:
    1. Go to the Virus/Malware Detections and Spyware/Grayware Detections sections.
    2. Select Enable notification via NT Event Log.
    3. Accept or modify the default message. You can use token variables in the following table to represent data in the Message field.
      Table 4. Token Variables for Security Risk Notifications

      | Variable | Description |
      |---|---|
      | Virus/Malware detections | |
      | %v | Virus/Malware name |
      | %s | Endpoint with virus/malware |
      | %i | IP address of the endpoint |
      | %c | MAC address of the endpoint |
      | %m | Domain of the endpoint |
      | %p | Location of virus/malware |
      | %y | Date and time of virus/malware detection |
      | %e | Virus Scan Engine version |
      | %r | Virus Pattern version |
      | %a | Action performed on the security risk |
      | %n | Name of the user logged on to the infected endpoint |
      | Spyware/Grayware detections | |
      | %s | Endpoint with spyware/grayware |
      | %i | IP address of the endpoint |
      | %m | Domain of the endpoint |
      | %y | Date and time of spyware/grayware detection |
      | %n | Name of the user logged on to the endpoint at the time of detection |
      | %T | Spyware/Grayware and scan result |
      | %v | Spyware/Grayware name |
      | %a | Action performed on the security risk |

  6. Click Save.
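
The token tables above differ by tab: for spyware/grayware detections, %v and %a are listed for the SNMP Trap and NT Event Log tabs but not for the Email tab. The following Python check is an added example, not OfficeScan code; it compares a custom message against the tokens documented for its tab and detection type. The channel keys, the case-sensitive matching, the "required" token policy, and the sample templates are assumptions constructed for illustration.

```python
import re

# Token letters transcribed from Tables 2-4 on this page.
VIRUS = set("vsicmpyeran")
SPYWARE_EMAIL = set("simynT")
# The SNMP Trap and NT Event Log tables additionally list %v and %a for spyware.
SPYWARE_TRAP_LOG = SPYWARE_EMAIL | set("va")

# Channel keys ("email", "snmp", "nteventlog") are hypothetical names
# for the Email, SNMP Trap and NT Event Log tabs.
ALLOWED = {
    ("email", "virus"): VIRUS,
    ("email", "spyware"): SPYWARE_EMAIL,
    ("snmp", "virus"): VIRUS,
    ("snmp", "spyware"): SPYWARE_TRAP_LOG,
    ("nteventlog", "virus"): VIRUS,
    ("nteventlog", "spyware"): SPYWARE_TRAP_LOG,
}

# Assumption: a token is '%' plus one letter, matched case-sensitively
# (the tables list %T in upper case and every other token in lower case).
TOKEN_RE = re.compile(r"%([A-Za-z])")


def lint_template(channel, detection, template, required=""):
    """Return (undocumented, missing) token lists for one message template.

    undocumented: tokens used but not listed for this tab/detection type.
    missing: tokens the operator's own policy requires that are absent.
    """
    allowed = ALLOWED[(channel, detection)]
    used = TOKEN_RE.findall(template)
    undocumented = sorted({"%" + t for t in used if t not in allowed})
    missing = sorted({"%" + r for r in required if r not in used})
    return undocumented, missing


if __name__ == "__main__":
    # Constructed sample templates, not the product defaults.
    spy = "Spyware %v on %s (%i), action: %a"
    print(lint_template("email", "spyware", spy))   # %v and %a not in Table 2
    print(lint_template("snmp", "spyware", spy))    # all listed in Table 3
    # Constructed triage policy: name, host, IP and action must be present.
    print(lint_template("nteventlog", "virus", "%v found on %s at %y", "vsia"))
```

A template copied from the SNMP Trap tab into the Email tab is the case this catches: the same spyware message passes for one tab and is flagged for the other.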