Forefront Realtime Email Notifications Information

    Question

  • We use Forefront Security on our SharePoint farm, and when we receive notifications that a file may contain a virus or that a file was blocked, the information contained in the message is useless.  I have added all the fields available in the help and none of them can tell us the user that tried to upload and to where.

    We need to know what user tried to upload the file and to where so we can track them down.
    Thursday, January 22, 2009 4:13 PM

All replies

  • So, the Virus Administrators notification should show the following:

    Microsoft Forefront Security for SharePoint Realtime Scan has detected a virus.
    Virus name:
    File name:
    State:
    Location:

    File Administrators shows:

    Microsoft Forefront Security for SharePoint Realtime Scan has matched a filter.
    Filter name:
    File name:
    State:
    Added by:

    Keyword Administrators shows:

    Microsoft Forefront Security for SharePoint Realtime Scan has matched a filter.
    Filter name:
    File name:
    State:
    Location:

    This is all set up under Report\Notification.  Is this the notification that you are referring to?  If so, then yes.  It won't tell you what user tried to upload it.  However, for Virus and Keyword, it will tell you the location (company/server).  For File, it will tell you added by.  I don't believe Forefront can get any more specific on where the file was being uploaded to.

    However, under Settings\Antivirus, if you have Quarantine enabled,

    Monday, January 26, 2009 8:25 PM