Email alerts when a virus is found

Hi,

A customer is complaining about three things.

1) The email alert is useless, because it doesn't show that virus XY was found on device name / IP, but only that SOMETHING is happening. Subsequent emails are only trash, because there is no helpful information, only that another virus was found somewhere. There should be a link to the infected workstation.

2) It takes ages between the event that a virus was found and the email which alerts administrators. This needs to be fixed ASAP; it looks like the information flows very slowly, with major delays. Like:

Virus found -> waiting for regular client server communication -> waiting for Christmas to send virus info to admin

OT should think about ZAV as a critical part of the ZEN Suite, not as some add-on. An unpatched workstation is possibly dangerous; a workstation with a virus is very dangerous.

3) The UI is not helpful when looking for infected workstations; there are many mouse clicks, which have to be repeated again and again. I don't care that 99% of workstations are OK; the customer needs the information about the problem workstation quickly.

Has anyone already got a virus and battled with it?

David


    For #2......

    Testing using the virus test file from this site:

    https://www.eicar.org/download-anti-malware-testfile/  (It's not an actual virus, but all AV vendors will treat it as such for testing reasons.)

    It may be tricky to test....as browsers often block it so it may not even get to your PC for AV to pick up....Just takes a bit of fiddling.

    Once ZAM flags/quarantines/deletes the file.....Test 3 different things to see if any of them speed up what you want to see in the ZCC.

    "ZAC AU","ZAC MRS", or "ZAC STS ROLLUP".

    If any of the three help, we may be able to tweak some settings to speed it up depending on which one helps....

    But I suspect current behavior is by design where the local recording does not trigger a status rollup to the server.

    Presumably, because the Agent will Quarantine/Clean/etc.....so the report is just informational.

    Or that is my guess.   Mind you, I've not had infections often enough to pay too much attention.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks
