Email alert on discovery of virus with EPO question 2

loafster

Technical User
Jul 29, 2004
20
GB
Hi,

Got a bit of bother with our ePO software. I have inherited looking after the Anti Virus systems, and I am currently trying to work out how to generate a warning when a virus etc. is picked up. The guy who installed it all is long gone, and I really would like to see if I can crack this. We are using ePO 3.1.1.84 and Virus Scan 7, and have Group shield for Exchange 5.5 on our email server.

The thing is, I am not sure how you are supposed to get email or network warning messages. I have tried installing Alert Manager 4.71 on the same server as ePO, and configuring it accordingly, but so far no luck.

What part of the setup should I have in place to configure email or network messages correctly? Can anyone provide a quick run down of what needs to be where to enable email warnings?

Thanks muchly in advance,

Tom B.
 
Once you have installed Alert Manager on your ePO Server, you will need to configure the VirusScan 7 Alert Manager option to point the alerts to the ePO Server (or the name of the server running Alert Manager).

You will also need to modify the Alert Manager properties in ePO (for the Alert Manager server, which in this case is your ePO Server) to basically send the e-mail to the e-mail addresses you want to receive alerts, specify the outgoing mail server name, the subject line, and then it should work.

You can test the alert using the EICAR test virus to see if it works.
 
Followed your advice, and now it all seems to be working. EICAR tests generating both network and email alerts. It was the adjustment to the Virus Scan Alert Manager Alerts Policies that did it. Thanks very much for your help!!

Tom B.
 
Heh yeah only changing the Alert Manager config locally on the ePO server and not changing the Alert Manager properties config in the actual ePO confused the heck out of me for a while as the config I'd done locally kept changing (as ePO policy was applied with the default Alert Manager config).
 
I just stepped into an IT position at a company and we're looking at implementing Virus Scan 8.0i. Our setup is pretty decentralized, with all stores in the field connecting to the office via FTP through DSL. With this said, I wanted to deploy settings for an Alert Manager, but my McAfee rep has confused the heck out of me. Do I need ePO to utilize the Alert Manager features? Can I simply purchase the Alert Manager? And will Alert Manager work in my decentralized environment?

Sounds like you guys are pros-- Any help would be greatly appreciated.

Thanks.
 
jgantes,

ePO is not needed if you want to use Alert Manager on your network. You would have to configure all settings manually on the server running Alert Manager to have all the required settings, such as SMTP server, subject name, etc. In addition to configuring Alert Manager's properties, you would also need to configure all your VirusScan settings to direct all Alert Manager messages to the appropriate server.

If you haven't deployed VirusScan 8.0i yet, you can use the Installation Designer software to "repackage" the 8.0i software to include all the required settings. That way, when the other offices install VirusScan, the settings will be preset by you.

When you say decentralized, do you mean that each store location has their own IT support staff and will be responsible for all viruses detected in their store only? You could have all alerts going to the head office or you can install an Alert Manager at each office location and point all the VirusScan clients in that office to their respective Alert Manager server and repeat for all offices.

I'm not involved with the licensing and purchasing side of things so I may not have the most accurate info. Several years ago when we renewed our licenses, Alert Manager was included with most licenses, if not all. I know ours include it. Your sales rep should be able to tell you if it is included in the package you are purchasing.

Not sure if this helps you or at least steers you in the right decision.
 
Sounds like we don't need ePO so much as we need some form of Alert Manager. The product we're purchasing happens to be their Sm. Business Package which includes Protection Pilot. This suite does not include any form of an Installation Designer that I'm aware of. Is that only available in the ePO software suite?

I should have clarified what I meant by decentralized. Turns out each location is in fact a restaurant, hence there would not be any IT staff on the grounds. We just wanted a simple notification system that would allow us to monitor all restaurant locations from our HQ office.

All stores are setup as follows: DSL --> Firewall --> PC
The HQ office is similar: DSL --> Firewall --> Servers

With that said, I know ProtectionPilot uses port 81, 82 and 8081-- but can VS 8.0i communicate with a Protection Pilot server through the internet with all those firewalls?

Appreciate the help so far.
 
I think Protection Pilot is a "stripped down" version of ePO. I've never used it myself or know how it looks, but it may do some of the things ePO can. If it really is a stripped down version of ePO, you may be able to control some of your VirusScan settings at each location.

As you've mentioned, you have several firewalls. I'm not a firewall person (thank goodness) nor do I know the exact terminology or configuration at the firewall level, but I know our offices use firewalls as well as several VPN links between offices. I would just let my firewall admin know what ports are needed and he'll ensure all traffic is encrypted between the firewalls/offices with the appropriate ports opened and it works fine for us. So it should be doable for you, but you should check what your company's policy is and what is needed to ensure the appropriate ports are opened, in a safe manner, to allow communications between your stores and your HQ.

I would expect Installation Designer would be included as part of VirusScan Enterprise 8.0i. I don't think Installation Designer was advertised as being included when we got our package, but when we went to their Customer web site (where you enter a grant number), that is where we noticed we had access to Installation Designer. Again, maybe the sales rep may be able to tell you if it is included. (Maybe it is one of those things thrown in for free but unadvertised?)

At our subsidiary offices, I have Alert Manager installed at each office and configured to notify the local administrator and to me. Each office has access to their own local SMTP server so it was as simple as sending e-mail notification between our e-mail servers so that I am able to receive it at my HQ.

If your stores have access to the SMTP server at HQ, you could install Alert Manager at each site and configure Alert Manager to point to that SMTP server. Then configure VirusScan at that office to point to their local Alert Manager.

If your stores don't have access to the SMTP server at HQ and you need to install Alert Manager at your HQ, then you will need to configure VirusScan to point to HQ's Alert Manager. This may also require configuring additional settings in the firewall to allow VirusScan to communicate with the Alert Manager. (Not sure if this requires NetBIOS ports?)

In the examples above, those are just examples that popped in my head as I was composing this message and may or may not be appropriate for your situation. You should test out your desired config (or various configs) and see what issues need to be addressed and what works out best for your environment that meets the company's policy. From what you've described, it appears to be doable but you may need to balance out what issues you may have going a certain route.
 