blog.hosebei.ch

SCCM 2012 – Malware detection E-Mail Alert

by

martin

·

, ,

In System Center 2012 Configuration Manager, it is easy to configure a E-Mail Alert, when malware is recognized on a system which is protected by System Center Endpoint Protection.

Your first step, is to configure a proper connection to send the E-Mail. Navigate to your Central Administration or Primary Site, and open Configure Site Components to chose Email Notification:
Configure your settings and send a Test-Mail:
If you received the Test-Mail, go further, and configure alerting on Collections, open properties for the collection where you want to get a mail, when malware is found:
After this step, you can configure the conditions, but in this case, i just used standard values. By clicking on OK, the alerting is possible, but not activated yet. To do this, click on Monitoring, and open the tree “Alerts”, chose “Create Subscripton, to active your Email Alert:
The Wizard appears, and have to select your Malware Alert previous generated. As you might see, you can configure the subscription for more than only one address:
So, but now, I would like to test, if it’s really works. No worries, just before you download a real virus, just take the eicar, a Test Malware from the Microsoft recommended website (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Glossary.aspx#e):
http://www.eicar.org/86-0-Intended-use.html

When you try to run the file, shortenly after, you will receive your email, and you can check your SCEP Log:
I hope this helps.

Comments

8 responses to “SCCM 2012 – Malware detection E-Mail Alert”

  1. Michael Nilsen Avatar
    Michael Nilsen

    Hi Chris, great actical and blog, has helped me heaps so thanks!

    Just a quick question regarding alerting, can you point me in the right direction for sending a alert when the End Point Definitions are out of date for say more then two days?

    Also Is there are way to create a report for the above and then have that emailed weekly?

    Thanks Chris 🙂

    Reply
    1. Nicolas Avatar
      Nicolas

      Hi,

      you can modify this script to check the date and send you an email : http://gallery.technet.microsoft.com/scriptcenter/Check-End-Point-Protection-875ffdc6

      Bye
      Nicolas

      Reply
      1. Martin Wüthrich Avatar
        Martin Wüthrich

        Very nice script, thank you for your comment!

        Reply
  2. Andrew Kenny Avatar
    Andrew Kenny

    We had our setup working fine until we noticed that all alert for Malware detection were going into a “Cancelled” state. Thus, no email would be sent out. How can we fix this?

    Reply
  3. LittleBob Avatar
    LittleBob

    Hi, I know this is an old posting but might you know how one can get alerts when workstations are are outside of the domain, i.e. traveling laptops? It would be great if SCEP could use the client’s Outlook MAPI to send an email alert, for example. Thanks

    Reply
  4. Chris Avatar
    Chris

    Hello,
    I find Alerts are showing as ‘Never Triggered’ even though the test Virus was cleaned and the malware detected windows show remediated.
    Thanks
    Chris

    Reply
  5. Rasel Avatar
    Rasel

    Hello!

    I have configured the SCCM alert. But now I have received malware detected alert from the workstation and none of the files exists in the workstation location. So what I should do?

    Please give a suggestion.

    Thanks
    Rasel

    Reply
    1. Martin Wüthrich Avatar
      Martin Wüthrich

      check the quarantine folder, the files my be already moved.

      Reply

Leave a Reply to Martin Wüthrich Cancel reply

Your email address will not be published. Required fields are marked *