The "New Risk Detected" notification condition has been configured in the Symantec Endpoint Protection Manager (SEPM) console to send an e-mail every time a new threat is detected. However, this condition does not include Tamper Protection events, which can be generated in the case of an attack.
As there is no specific Tamper notification condition, how can we ensure that such events trigger a notification and that an e-mail is sent?
Tamper events are part of the "Client Security Alert" condition.
1. Connect to SEPM
2. Go to "Monitors"
3. Go to "Notifications" tab
4. Click on "Notification Conditions" button at the bottom of the console
5. Click on "Add..." and select "Client Security Alert"
6. At the top of the new window, specify the condition name, filtering settings (optional) and outbreak type
7. Check "Application Control Events"
8. Specify condition and damper settings
9. Check "Send email to:" and type the e-mail address to use
NOTE: more details regarding each setting are available by clicking the "Help" button at the bottom of the window
SEPM 11.0.x with Mail Server configured.
Imported Document ID: TECH169534