Hi.

I have the Administration Kit set up to send notifications for all types of events, which generally seems to be working reasonably well.

Some of our users, however, have a tendency to turn off ('pause') real-time protection on their workstations. I would like to receive a notification when this happens. I've spent quite some time trying to work out how to do this and cannot find a way.

I can see that the Administration Kit does know when certain workstations have the real-time protection inactive ('paused'), because when I look at Protection for that workstation, it tells me what real-time protection is currently doing. However, I can find no way of getting it to consider a status of 'paused' as a problem of any kind (when it most certainly _is_ a problem!), and it won't generate any alerts.

The best I've managed to do is to create a 'Computer query' which shows me which machines are at fault, but I can't find any ways of getting those queries to happen periodically and then send me a notification of their results.

If this is absolutely impossible to do (as it seems it might be) the next-best thing would be to disable the ability of users to pause their real-time protection... but I can't even find a way of doing this which works.

Any help would be greatly appreciated, as this is now causing me a great deal of frustration.

Many thanks in advance.

Kind regards.

Matt.

Hello

About your second request (to disable the ability of users to pause their real-time protection), you'll find the instructions in this FAQ.

About the ability to send an email each time the protection is paused by the user, it's possible via the notifications (Settings > Services) on the local interface of the Anti-Virus product. It's porbably possible through the Administration Kit, but for the moment I don't know how to perform this operation.

I hope these informations will help you.

Regards,
DB