4 Replies Latest reply on Apr 2, 2008 3:11 PM by elreaver

    LD AV and Infection Alerts



      I would like to know how to configure my Alerts for real-time LANDesk Antivirus infection alerting. Anyone know if this is possible? I'd like to know how I can set up instant email notifications of infected nodes, including the name of the infection, the node-name, and where it is/was infected on the local computer.



      I was informed by a LD representative that this would be possible with 8.8 and the new functionality with the Alerts...   so far, I've been unable to locate proper documentation on the new Alerting features, nor have I been successful figuring this out.



      Any help would be appreciated...



        • 1. Re: LD AV and Infection Alerts

          Here are some tips to hopefully get you started with setting up alerting on AV.

          1) Create a new Alert ruleset in the 32-bit console and give it a name.

          2) Right click on the new ruleset and choose edit.

          3) On the left, click on alerts. This will populate the list in the center; left click on LANDesk Antivirus (found in the standard folder).

          4) On the right you will see all the different AV alerts populate. At this point choose what you want to be alerted on. Drag each desired one down to the alerts well at the bottom.

          5) Next you need to configure an email alert. Left click on actions on the upper left, then choose send email, then create a new email action. Make sure you enter a valid to and from and SMTP server. In the body of the message you can put in variables:

          %D - Description of the event.

          %S - Severity of the event.

          %N - Name of affected node.

          %T - Time of event.

          Drag it down to your well when done.

          Note: there have been changes from 8.7 to 8.8 for sendmail, so if you do have problems with the email not sending, post a response and I'll give you the details; there is just a lot that goes into it.

          6) Then click on Time in the upper left and drag down Always or any desired timeframe.

          7) Click ok at the bottom and then publish on the right. Close the ruleset flexconsole.

          8) Now deploy this ruleset by right clicking on it and creating a task to deploy the ruleset. Deploy to the appropriate machines with AV agents on them.

          • 2. Re: LD AV and Infection Alerts


            That is exactly the help I needed



            • 3. Re: LD AV and Infection Alerts





              What is also quite cool is to set a threshold for a virus "outbreak". If you have 5000 devices, then it might be normal to get 10 viruses a day, and you don't necessarily want to know about them, but you might want to know if you suddenly have 20 viruses detected in 60 minutes - that would be an outbreak and worth worrying about. There is a threshold you can define for this, and a different alert. Might make life easier....



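The outbreak idea from reply 3, as an added example that is not from the thread or from LANDesk: a sliding-window counter that stays quiet for a baseline of 10 detections a day and fires once when 20 detections fall inside 60 minutes. The event tuples, node names and infection names are constructed, and how LANDesk evaluates its own threshold is an open assumption here.

```python
from collections import deque
from datetime import datetime, timedelta


def detect_outbreaks(events, threshold=20, window=timedelta(minutes=60)):
    """Return one record each time the trailing-window count reaches threshold.

    events: iterable of (timestamp, node, infection) tuples in any order.
    """
    recent = deque()     # detections inside the trailing window
    alerted = False      # suppress repeats while the count stays high
    outbreaks = []
    for ts, node, infection in sorted(events, key=lambda e: e[0]):
        recent.append((ts, node, infection))
        # Drop detections that are a full window (or more) older than this one.
        while ts - recent[0][0] >= window:
            recent.popleft()
        if len(recent) < threshold:
            alerted = False
        elif not alerted:
            alerted = True
            outbreaks.append({
                "at": ts,
                "count": len(recent),
                "nodes": sorted({n for _, n, _ in recent}),
                "infections": sorted({i for _, _, i in recent}),
            })
    return outbreaks


# Constructed sample data (not real detections).
DAY = datetime(2008, 4, 1)
# Baseline: 10 detections spread over the day, one every 144 minutes.
BASELINE = [(DAY + timedelta(minutes=30 + 144 * k), f"NODE-{k:04d}", "Sample.Adware")
            for k in range(10)]
# Burst: 20 detections on 20 nodes between 14:00 and 14:38.
BURST = [(DAY + timedelta(hours=14, minutes=2 * i), f"LAB-{i:03d}", "Sample.Worm")
         for i in range(20)]

if __name__ == "__main__":
    print("baseline only:", detect_outbreaks(BASELINE))
    for o in detect_outbreaks(BASELINE + BURST):
        print(f"OUTBREAK at {o['at']}: {o['count']} detections on "
              f"{len(o['nodes'])} nodes, {o['infections']}")
```

The `alerted` flag is what keeps this from sending one message per detection once the count is over the threshold; it resets only after the window drains below it.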
              • 4. Re: LD AV and Infection Alerts


                Good to know!



                Fortunately, I don't have nearly that many nodes to worry about.



                I'm paranoid enough, so I'd like to know if anything gets infected.