Endpoint Protection

Hi,

I have installed/configured SEPM 11.0.6005.562 in our organisation. i want SEPM should send mail to user's whos systems got infected with viruses or trojens.

Is there any Tool or procedure available.please help

Thanks
Parthasarathi Dash(Dassy)
 

In  SEPM there is no such functionality.
SEPM cannot do so. What SEPM can do is you configure email notification , but even that will not send email to specfic user stating that their machine is infected.


Title: 'How to Configure Symantec Endpoint Protection Manager to Send Email Alerts'
Document ID: 2008031219333348
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008031219333348?Open&seg=ent


Title: 'How do I setup email alerts in the Symantec Endpoint Protection Manager (SEPM)?'
Document ID: 2008091102224948
> Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008091102224948?Open&seg=ent

SEPM cannot  send  email to the users whio have  got infected, as it would  not know what is the email address odf the user that  is logged  into the infected  computer.
However, as Prachand has  mentioned above, you  can configure email notifications to be sent  to an administrator, once there  is  a risk event  on any  of the clietns.

In addition, you could construct a mesage that   could apeear on the infected computer, as soon as there is an infection.
See  below:

SEPM cannot send the mail to to the user whose pc is affected.But it can send mail to a common ID like your help desk mail ID,in case of virus infection.For more info refer these KBs.
Creating administrator notifications
Creating notifications in the Symantec Endpoint Protection Manager

@Prachand

Thank you for the links to the guides.

I do however feel there's missing a way to send a test notification/mail to verify that the settings are correct.
Is there an official way to do this, or is the only way to trigger an event?

Best regards,
Michael

There is an enhancement request for the same in idea section
Ref:Testing e-mail notification functionality in SEPM version 11.0 
Any way you can try this
How to test the e-mail notification feature in the Symantec Endpoint Protection Manager Console.

Hi folks,

This thread is now included in the Security Solutions Contest!  Anyone can participate, and all you do is answer / solve the threads which are included in the contest each week.  Check out the blog and details here:

https://www-secure.symantec.com/connect/blogs/security-solutions-contest-be-king-week

 

Good luck everyone!

Eric

You could just have SEP notify them when it happens instead.

In your case what I feel is it is better to keep the notification option.So if any  risk is got detected at the same moment the user will get a popup saying that a virus got detected.He can also find additional details like virus name,file name etc from the same window.

Or

 

If you want to inform your user by mail only ,you may create a a notification for single risk event and configure your mail ID/Helpdesk mail ID/Or a convinient mail ID so that any pc got affected with virus ,in the configured mail ID will get a notification via mail.Then you can forward the same to corresponding user.

 

 

If you are having less no. of users you can create  single risk event notifications  correponding to each user/system and provide the corresponding user's mail ID for sending mail for corresponding mail notification.In case if you have more users it will be a huge task

 

For additional information on how to configure refer the links present in the earlier posts.

Guys the customer has  a  specific requirement, Which is not POSSIBLE from SEPM. What we are trying to give is nowhere near to what he is accepting.

The workaround that is being suggested is not relevant to the requirement.

At times we need to be Straight Forward while conveying what our software can do and what it cannot. I thought of suggesting  him to go for  Product Enhancement  to IDEA section, but  what I think is this is very very ambitious even development would thinks twice before implementing.

Now what we need to find , from Parthasarathi Dash , what he needs .I need to know why he wants to send a user an email regarding that is machine is infected.

If a machine is infected and the SEPM knows about that, this would only  happen when the client forwards the log to the SEPM. So if that is the case then the Client WILL RECEIVE the Auto Protect alert so that the client is aware of the Detection.

Say the Client misses that and it is reported tin the SEPM. Rather sending email to the user the machine is infected, what the Admin needs to do is Run a FULL SCAN from the SEPM on the clients with the latest defs,