Virus email alerts generated by PM rather than client

Regular Member


Hi,

Is there a way to force the clients to notify Policy Manager that a virus has been detected which in turn emails a recipient rather than it taking place on a client? At the moment the clients notify a recipient which isn't great so am looking for solutions to this issue.

I thought that this was in the pipeline but haven't seen any documentation on this.

FPMC - version 12

Workstations - version 11.50-60

Any feedback would be great.

Thanks,
Al

1 ACCEPTED SOLUTION

Regular Member

Re: Virus email alerts generated by PM rather than client

Hi Marina,

I sorted this out in the end and it was down to some firewall rules that were set up.

Thanks for your help with this.

Regards,
Al

10 REPLIES
F-Secure

Re: Virus email alerts generated by PM rather than client

Hello,

There are two ways to avoid sending email alerts from the client:

1) Configure report scheduling in Policy Manager Web Reporting.

2) Configure forwarding alerts to syslog (PMC > Tools > Server configuration > Syslog) and then set up email notification for chosen syslog events.

BR,
Marina
Regular Member

Re: Virus email alerts generated by PM rather than client

Hi Marina,

Thanks for your reply. I think the second option is best for us and am testing now.

The problem is that I can't generate any logs on the syslog server. I have tried the following:

- Referenced the syslog server by name and IP (PMC > Tools > Server configuration > Syslog)

- Changed the protocol type (PMC > Tools > Server configuration > Syslog)

- Disabled firewalls

- Used multiple alerts to determine if alerting is working at all (Policy Domain > Settings > Alert Forwarding)

- Have tested on two syslog servers and can't generate any logging for FPMC.

Is there anything else I could try?

Regards,

Al

Scholar

Re: Virus email alerts generated by PM rather than client

There should be an easier way to just send alerts from PM by email! I thought I had set it up by configuring the mail server settings in server configuration.
F-Secure

Re: Virus email alerts generated by PM rather than client

First, only new alerts are forwarded to syslog, so please ensure that alerts were received by PM from the client after you configured forwarding to syslog.

Second, could you please ensure that other apps are able to send alerts to syslog from the same machine to exclude connectivity issues?

BR,
Marina
F-Secure

Re: Virus email alerts generated by PM rather than client

Hello David,

In server configuration you can only configure server alerts sending, not the client ones.

BR,
Marina
Scholar

Re: Virus email alerts generated by PM rather than client

But isn't the point of having a server so that you can have things centralized? So having clients individually sending alerts doesn't make sense.
F-Secure

Re: Virus email alerts generated by PM rather than client

Using email as a delivery channel is not provident when we are speaking about thousands of alerts potentially arriving at PMS. That is why syslog or SIEM integration is the preferred option, as you can use them not only for accumulating but also for creating business rules for notifying the administrator in emergent situations.

BR,
Marina
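The kind of rule described in the reply above, as an added example that is not part of the thread and not F-Secure code: it reads RFC 3164 style syslog lines, keeps only events at or above a severity threshold, and folds repeats into one digest email instead of one mail per alert. The sample lines, host names, message text and addresses are constructed assumptions; the actual message format Policy Manager writes to syslog is not shown on this page.

```python
import re
from collections import Counter
from email.message import EmailMessage

# RFC 3164 header: <PRI>timestamp host message, where PRI = facility * 8 + severity
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")

# Constructed sample input; the message text is NOT the real Policy Manager format.
SAMPLE = [
    "<130>Mar  3 10:15:02 ws-014 alert: malware detected file=eicar.com",
    "<130>Mar  3 10:15:09 ws-014 alert: malware detected file=eicar.com",
    "<134>Mar  3 10:16:40 ws-022 info: definitions updated",
    "<129>Mar  3 10:17:11 ws-031 alert: malware detected file=sample.bin",
    "garbage line without a PRI header",
]

def parse(line):
    """Return facility, severity, host and message, or None for malformed input."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    return {"facility": pri >> 3, "severity": pri & 7, "host": m.group(3), "msg": m.group(4)}

def select(lines, max_severity=2):
    """Keep events at or above the threshold (a lower number is more severe)."""
    events = [e for e in map(parse, lines) if e]
    return [e for e in events if e["severity"] <= max_severity]

def build_digest(events, sender, recipient):
    """Build one email summarising all selected events; None if there are none."""
    if not events:
        return None
    counts = Counter((e["host"], e["msg"]) for e in events)
    body = "\n".join(f"{n} x {host}: {msg}" for (host, msg), n in sorted(counts.items()))
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    mail["Subject"] = f"{len(events)} alert(s) from {len({e['host'] for e in events})} host(s)"
    mail.set_content(body)
    return mail

if __name__ == "__main__":
    print(build_digest(select(SAMPLE), "pm@example.com", "admin@example.com"))
```

The returned `EmailMessage` can be handed to `smtplib.SMTP.send_message` on a schedule, so a burst of identical detections produces one mail per interval.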
Regular Member

Re: Virus email alerts generated by PM rather than client

Hi Marina,

I'm testing the process by using the F-Secure EICAR_Test_File script so can make changes and then test.

I'm still not having any luck with the syslog and have tested another application to generate the logs which worked. To confirm, the syslog is generated by the FPMC server and not the client. Is it worth installing the syslog server directly on the FPMC server? Is this supported by F-Secure?

Regards,

Al

Scholar

Re: Virus email alerts generated by PM rather than client

It would be fine for some of us, especially if there were filters. Give us the option.