Endpoint Protection

 View Only

  • 1.  Getting an Alert Email for Specific DLL quarantined

    Posted Jan 08, 2020 12:00 PM

    Hello,

     

    Is it possible within SEPM to get an email alert anytime a specific .dll is quarantined on any machine? If you are in agreement about utilizing "Notification Condition" feature of SEPM for this, where exactly would I put the dll name under :risk name"? and Action taken would be "quarantined?"



  • 2.  RE: Getting an Alert Email for Specific DLL quarantined

    Trusted Advisor
    Posted Jan 09, 2020 03:05 AM

    Hi Adamster81 if you are seeing the specific .dll being quarentined by SEP then it would give it a specific risk name. Then I would use a notification "New Risk Detected" and in risk name put the symantec name that detects it. You can then further refine the notification if you are seeing it in a specific SEP group etc. Hope this helps.



  • 3.  RE: Getting an Alert Email for Specific DLL quarantined

    Posted Jan 11, 2020 04:40 AM

    Thank you for that, but what we need is not necessarily an alert based on risk name but an alert anytime a specific dll is quarantined.



  • 4.  RE: Getting an Alert Email for Specific DLL quarantined

    Trusted Advisor
    Posted Jan 14, 2020 05:18 AM

    Try in notifications conditions > Add > Forced application detected > In application name put the .dll you want to notify on.