So we use to get an email alert on any Threats being detected ie:
User: Domain\User
Scan: On-access
Machine: Machinename
File "C:\Documents and Settings\user\My Documents\Downloads\n8.scr" belongs to virus/spyware 'Troj/Backdr-ID'.
File "C:\Documents and Settings\user\My Documents\Downloads\n8.scr" belongs to virus/spyware 'Troj/Backdr-ID'.
We have noticed now that we do not get any alerts on malware or virus detections.
From a risk management perspective we should get an alert so that we can see if a user is being disrespectful of company policy. And if they are not scanning external drives before use and so on and so forth.
Even from the basics of seeing a mailware detection and wanting to check for further unknown drops into appdata or additional services/startup items. It is a requirment to know and react based on risk assesment of the threat.
Now it looks like myself and regional global counterparts have to sit with the web console open on the events view so to react to anything high risk.
It all seems to have become more apparant snce the email format changed on the 19/02/15.
Anyone else noticed or got thoughts on this?
This thread was automatically locked due to age.
