How to use custom scan option variables from Symantec Endpoint Protection event notifications.
Notifications can be configured using variables along with custom text in the notification fields for Auto-Protect, email protection and user-defined scans, either from the Symantec Endpoint Protection client UI or from the Symantec Endpoint Protection Manager. For centrally managed clients, the administrator may lock some of these settings from the Symantec Endpoint Protection Manager.
Notification and remediation options
Display a notification message when a risk is detected
Enables or disables notifications on infected computers when Auto-Protect or a user-defined scan finds a virus or a security risk.
You can modify the type of information that you want to appear in the message. You can use the default text or you can delete text and type in your own text. If you right-click inside of the text box, you can insert variable fields into the notification text. In the message itself, the relevant text automatically replaces the variable fields.
Message variables displays the default message variables and the variables that you can add.
The client might need to terminate a process or stop a service to remove or repair a risk.
The following options are available:
Terminate processes automatically
If you enable this option, the client terminates processes automatically. If you disable this option, Symantec Endpoint Protection prompts you before it takes action on a process.
Stop services automatically
If you enable this option, the client stops services automatically. If you disable this option, the client prompts you before it takes action on a service.
You are always notified when a restart is required. You can then save data and close open applications or opt out of the restart.
Note that message variables must be entered exactly as they appear in the table below and be contained within brackets. For example with a notification by AutoProtect, the default alert notification variable "LoggedBy" would display Auto-Protect. The entry in the notification reads "Scan type: [LoggedBy] Scan" and will display "Scan type: Auto-Protect Scan" if a detection is made by AutoProtect, or if a threat is found during a scheduled scan it will show "Scan type: Scheduled Scan". The wording before an after the variable can be what ever the user/administrator chooses.
The type of scan that detected the virus or security risk.
The type of event, such as "Risk Found."
The name of the virus or security risk that was found.
The complete path and name of the file that the virus or the security risk has infected.
The drive on the computer on which the virus or security risk was located.
The name of the computer on which the virus or security risk was found.
The name of the user who was logged on when the virus or security risk occurred.
The action that was taken in response to detecting the virus or security risk. This action can be either the first action or second action that was configured.
The date on which the virus or security risk was found.
The state of the file: Infected, Not Infected, or Deleted.
The name of the file that the virus or the security risk has infected.
The affected area of the application, such as File System Auto-Protect or Lotus Notes Auto-Protect.
A full description of the actions that were taken in response to detecting the virus or security risk.
Imported Document ID: TECH96900
Subscribing will provide email updates when this Article is updated. Login is required.