Email notification for dynamic group


veehexx

I'm having some issues with dynamic groups and them not working as I'm expecting them to.

My dynamic policy template uses Active threats > Threat handled, equals no.

I believe this should allow detection of computers with non-self resolved threats, which it appears to do.

 

A dynamic group was then created referencing this template. Using EICAR as a test with the AV client set to not self-clean on detection, the test machine correctly appeared in the dynamic group.

However, marking this threat as resolved in ERA6 does not make it disappear from the dynamic group.

 

Is this correct functionality?

I'm also having some issues with email notification. Test SMTP works fine; however, when using SMTP for a notification that is linked to the above dynamic group, I don't see an email. Is there any info on diagnosing what I've done wrong?


  • Administrators

Have you sent an on-demand scan task from ERA to that computer? To clear active threats on a client, a scan must be initiated from ERA using the In-depth scan profile (which should be by default) and the threat must be cleaned properly on the client. In the case of detection of potentially unsafe, unwanted applications, uncleanable viruses or archives that also contain clean files besides threats, you may want to customize the profile and set the cleaning mode to Strict cleaning, as stuff like this is not cleaned automatically without the user's intervention.


  • ESET Staff

There is a difference between the "active threats" dynamic group and "marking threat as resolved in Threats tab". One does not affect the other. Marking threats as resolved only affects the "unresolved threats counter" in the computers tab + the corresponding counter in the "threats" tab.

 

The only way to remove the computer from the "active threats dynamic group" (as stated above by Marcos) is to run a full in-depth scan with cleaning enabled on the target machine, ideally with the profile set to "strict cleaning". Once the scan is completed, the computer will be removed from the dynamic group. You can automate execution of such a task by triggering it with the "joined dynamic group trigger", meaning the task is started the moment the computer enters the dynamic group.
