In System Center 2012 Configuration Manager, it is easy to configure an e-mail alert that is sent when malware is detected on a system protected by System Center Endpoint Protection.
The first step is to configure a working connection for sending the e-mail. Navigate to your Central Administration or Primary Site, and open Configure Site Components to choose Email Notification:
Configure your settings and send a Test-Mail:
If you received the test mail, continue by configuring alerting on collections. Open the properties of the collection for which you want to get a mail when malware is found:
After this step, you can configure the conditions; in this case, I just used the standard values. After clicking OK, alerting is possible but not activated yet. To activate it, click on Monitoring, open the “Alerts” tree, and choose “Create Subscription” to activate your e-mail alert:
The wizard appears, and you have to select the malware alert you generated previously. As you can see, you can configure the subscription for more than one address:
Now I would like to test whether it really works. No worries: rather than downloading a real virus, just take the EICAR file, a test malware from the website Microsoft recommends (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Glossary.aspx#e):
When you try to run the file, you will receive your e-mail shortly after, and you can check your SCEP log:
I hope this helps.
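To confirm on the client that the test detection was recorded, independently of whether the e-mail arrived, the local event log can be queried. This is an added example, not part of the original post; the log name, provider name, event IDs and the "Name:"/"Path:" message layout are assumptions about how the antimalware client logs detections.

```powershell
# Added example: list recent antimalware detection events on the local client.
# Assumptions (not from the article): the log, provider and event IDs used below.
param(
    [int]$Hours = 24,
    # Assumed default: the SCEP client writes to the System log under this source.
    # On clients where Windows Defender does the logging, pass instead:
    #   -LogName 'Microsoft-Windows-Windows Defender/Operational'
    #   -Provider 'Microsoft-Windows-Windows Defender'
    [string]$LogName  = 'System',
    [string]$Provider = 'Microsoft Antimalware'
)

$filter = @{
    LogName      = $LogName
    ProviderName = $Provider
    Id           = 1116, 1117     # assumed: 1116 = malware detected, 1117 = action taken
    StartTime    = (Get-Date).AddHours(-$Hours)
}

try {
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop
}
catch {
    # Get-WinEvent raises an error when nothing matches or the provider is absent.
    Write-Warning "No matching events: $($_.Exception.Message)"
    return
}

$events | Sort-Object TimeCreated | ForEach-Object {
    # Pull the "Name:" and "Path:" fields out of the event message text
    # (assumed layout: one "Field: value" pair per line).
    $name = if ($_.Message -match '(?m)^\s*Name:\s*(.+?)\s*$') { $Matches[1] } else { '' }
    $path = if ($_.Message -match '(?m)^\s*Path:\s*(.+?)\s*$') { $Matches[1] } else { '' }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        EventId = $_.Id
        Threat  = $name
        Path    = $path
    }
} | Format-Table -AutoSize
```

If the detection shows up here but no mail arrives, the problem is on the alert or subscription side rather than on the client.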
8 thoughts on “SCCM 2012 – Malware detection E-Mail Alert”
Hi Chris, great article and blog, has helped me heaps so thanks!
Just a quick question regarding alerting, can you point me in the right direction for sending an alert when the End Point Definitions are out of date for say more than two days?
Also, is there a way to create a report for the above and then have that emailed weekly?
Thanks Chris 🙂
You can modify this script to check the date and send you an email: http://gallery.technet.microsoft.com/scriptcenter/Check-End-Point-Protection-875ffdc6
Very nice script, thank you for your comment!
We had our setup working fine until we noticed that all alerts for Malware detection were going into a “Cancelled” state. Thus, no email would be sent out. How can we fix this?
Hi, I know this is an old posting but might you know how one can get alerts when workstations are outside of the domain, i.e. traveling laptops? It would be great if SCEP could use the client’s Outlook MAPI to send an email alert, for example. Thanks
I find Alerts are showing as ‘Never Triggered’ even though the test Virus was cleaned and the malware detected windows show remediated.
I have configured the SCCM alert. But now I have received a malware detected alert from the workstation and none of the files exist in the workstation location. So what should I do?
Please give a suggestion.
Check the quarantine folder, the files may be already moved.