SCCM 2012 – Malware detection E-Mail Alert

In System Center 2012 Configuration Manager, it is easy to configure an E-Mail Alert that fires when malware is detected on a system protected by System Center Endpoint Protection (SCEP).

Your first step is to configure a working connection for sending the E-Mail. Navigate to your Central Administration Site or Primary Site, open Configure Site Components and choose Email Notification:
Configure your SMTP settings and send a Test-Mail:
If you received the Test-Mail, go further and configure alerting on Collections: open the properties of the collection for which you want to get a mail when malware is found:
After this step you can configure the conditions, but in this case I just used the standard values. By clicking OK, the alert exists but is not activated yet. To activate it, click Monitoring, open the “Alerts” node and choose “Create Subscription” to activate your Email Alert:
The wizard appears, and you have to select the Malware Alert you generated previously. As you might see, you can configure the subscription for more than one address:
Now I would like to test whether it really works. No worries, there is no need to download a real virus: just take the EICAR test file, a harmless test "malware" from the website recommended by Microsoft (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Glossary.aspx#e):
http://www.eicar.org/86-0-Intended-use.html

When you try to run the file, you will receive your email shortly after, and you can check your SCEP log:
I hope this helps.
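As an added example (not part of the original post, and not a tool shipped with SCCM or SCEP), the following PowerShell checks the two ends of the alert chain described above after the GUI steps are done: it sends a mail through the same SMTP relay the Email Notification component uses, and it reads the SCEP client's own detection events so you can tell whether the EICAR test was actually seen by the client. The SMTP server and addresses are placeholders you must replace; the event source 'Microsoft Antimalware' in the System log with IDs 1116 (malware detected) and 1117 (action taken) is what the SCEP 2012 client writes, and the detection function is meant to run on the client where the test file was opened.

```powershell
# Added example, not from the original post. Placeholder values are marked as assumptions.
param(
    [string]$SmtpServer = 'smtp.example.local',     # assumption: SMTP relay configured in Email Notification
    [string]$From       = 'sccm@example.local',     # assumption: sender address configured in Email Notification
    [string]$To         = 'secops@example.local',   # assumption: recipient used in the alert subscription
    [int]$Hours         = 24                        # how far back to look for SCEP detection events
)

# 1. Independent SMTP check from the site server: if this fails, the SCCM
#    Test-Mail and the real alert mails cannot get through either.
function Test-AlertSmtp {
    try {
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
            -Subject 'SCCM alert SMTP check' `
            -Body 'Manual SMTP test from the site server' -ErrorAction Stop
        return $true
    } catch {
        Write-Warning "SMTP send failed: $($_.Exception.Message)"
        return $false
    }
}

# 2. Confirm the SCEP client logged a detection. The SCEP 2012 client writes to
#    the System log under provider 'Microsoft Antimalware': 1116 = malware
#    detected, 1117 = action taken. Run this on the client where EICAR was opened.
function Get-ScepDetections {
    param([int]$LookbackHours = 24)
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft Antimalware'
        Id           = 1116, 1117
        StartTime    = (Get-Date).AddHours(-$LookbackHours)
    }
    # SilentlyContinue: Get-WinEvent raises an error when no event matches
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } }
}

if (Test-AlertSmtp) { 'SMTP relay accepted the test message.' }

$hits = Get-ScepDetections -LookbackHours $Hours
if (-not $hits) {
    "No SCEP detection events in the last $Hours h: the client never saw the test file, so no alert can fire."
} else {
    $hits | Format-Table -AutoSize
}
```

If the SMTP test passes and the client shows a 1116/1117 pair but no mail arrives, the problem is between the client's status message and the site's alert evaluation (the alert or subscription itself), not the mail transport or the antimalware engine.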

6 thoughts on “SCCM 2012 – Malware detection E-Mail Alert”

  1. Hi Chris, great article and blog, has helped me heaps so thanks!

    Just a quick question regarding alerting, can you point me in the right direction for sending an alert when the Endpoint Protection definitions are out of date for, say, more than two days?

    Also, is there a way to create a report for the above and then have that emailed weekly?

    Thanks Chris 🙂

  2. We had our setup working fine until we noticed that all alerts for Malware detection were going into a “Cancelled” state. Thus, no email would be sent out. How can we fix this?

  3. Hi, I know this is an old posting, but might you know how one can get alerts when workstations are outside of the domain, i.e. traveling laptops? It would be great if SCEP could use the client’s Outlook MAPI to send an email alert, for example. Thanks

  4. Hello,
    I find Alerts are showing as ‘Never Triggered’ even though the test virus was cleaned and the malware detected window shows remediated.
    Thanks
    Chris
