Virus Detection

  • Question

  • When viruses are detected, is the default action to delete the virus and then email the antivirus team, or does the virus sit there until the user selects smartclean to delete the virus and then an email is sent to the antivirus team? This would represent a problem on servers where no-one may be logged on.

    For PUP the setting seems to be that the user has to perform some kind of action such as smartclean and once this has been done then an email is sent to the antivirus team.

    What I would like to happen is for anything which is deemed serious, for an email to be sent straight away to inform the antivirus team and for the virus to be deleted automatically. I know PUPs are different and probably require some kind of action by the user.

    What are the best configuration settings in the console to make sure that an email is sent immediately, and the virus gets deleted?

    Thanks.
    Monday, January 5, 2009 11:11 AM

All replies

  • Hi,

    The default action depends on the type of malware detected (included in the definition file). The default action is automatic unless overrides are defined. The default action is taken within 10 min (unless a user interacts and executes the default action before that). Unfortunately this time is non-configurable.
    I'm not sure what you mean by "e-mailing the antivirus team". Are you talking about your own antivirus team or Microsoft's team?
    An automated email to Microsoft's team does not get sent (Are you using SpyNet?) and an email can be sent to the local antivirus admin.


    /Johan  
    MCSE, forefront spec | www.msforefront.com
    Wednesday, January 7, 2009 9:34 AM
  • Hi Johan,

    I mean the local antivirus team on site. I have set up the notification in MOM, but do not see these emails coming through until the user clicks on smartclean.

    Thanks.

    Wednesday, January 7, 2009 5:10 PM