Email Alerts - Windows 2008 Standard Server
- I've got FCS running on a Windows 2008 box. Clients can report in, things seem to be working. However, I can't get email alerts to work when a virus is detected on a client machine. I've followed the steps here: http://blogs.microsoft.co.il/blogs/yanivf/archive/2008/02/06/configure-e-mail-notifications-for-forefront-client-security-step-by-step-guide.aspx
To test whether or not it was my internal relay, I followed the steps in http://support.microsoft.com/kb/920736 and was able to get the email from the generated alert as a test. Has anyone had issues, or been able to get email notifications to work from an FCS client that has detected a virus? Should there not be alerts set up in MOM for this? I don't see it in the step-by-step article above.
Answers
- Actually, I had an email alert from one of my test clients with regards to the malware definition not updating (since fixed, I was screwing with WSUS). So I know it works, just not for detected viruses. I have the alert level set all the way to 5 also.
- Marked As Answer by Nick Gu - MSFT, Moderator, Thursday, July 23, 2009 1:59 AM
- Proposed As Answer by Nick Gu - MSFT, Moderator, Tuesday, July 21, 2009 7:31 AM
All Replies
Hi,
Thank you for posting.
Before going any further, I'd like to confirm the following questions:
1. Have you created an operator and assigned them to the "client security notifications" group?
2. Have you configured the email server under global settings – email server?
3. Also on the Exchange side, can you see if relaying is allowed for the MOM/FCS server or if they had to create an exclusion for the other MOM server that you have?
Regards,
Nick Gu - MSFT
- Yes to all, except on number 3. I haven't seen any instructions on that portion. However, the test I performed in article http://support.microsoft.com/default.aspx/kb/920736 was successful.
- Ok, so more developments. I see in the MOM Admin Console where the alerts for each level are set up. It's basically triggered by an entry in the event log of the client machine. However, the event IDs that it's looking for don't seem to be the actual event IDs that are logged. For example, on a Vista/XP machine, downloading the EICAR test virus produces the event ID 3004. There is no trigger for that event in any of the alert levels. Stupid...

