Endpoint removal notification

[katycomputersystems 1]

We have a half dozen computer that went from being fully protected to having no protection. Is is possible to get an email when that happens?

[MartinK 378]

I would recommend to check how notification named "Computers report problems alert" works . It might be suitable in this case. Notification, if enabled, monitors dynamic group "Problematic devices" and in case 5% threshold is reached, notification is triggered.

In case only specific alert from devices should be monitored, I would recommend to create custom dynamic group + clone mentioned notification with adaptation to custom dynamic group so that you get notification.

As an alternative, it is possible to create custom report with problematic devices, schedule it regularly and configure it to be sent to email only in case report is not empty. It is not optimal to use very aggressive time interval, which means response time will be slower than in case of notifications, but it will provide much more details in email itself.

[katycomputersystems 1]

Thanks. I want it as aggressive as possible. As soon as client is removed we need an email alert. That is after all, the very first thing an evil doer does -- they remove eset.

[MartinK 378]

On 4/9/2019 at 9:00 PM, katycomputersystems said:

Thanks. I want it as aggressive as possible. As soon as client is removed we need an email alert. That is after all, the very first thing an evil doer does -- they remove eset.

If this is the case it would be more complicated -> you actually have to cover two separate scenarios:

• Device is reporting error indicating protection is not working properly, for example installation is broken or protections were disabled. This should be covered by dynamic group "Problematic computers" or custom reports as in this case, error or fatal protection status will be reported
• Devices without security product. For this purpose there is no dynamic group and not no functionality problem will be reported. You will have to create either custom dynamic group or report for this purpose (we have prepared dynamic group for this scenario for upcoming release).