
Rick.Cooper


Posts posted by Rick.Cooper

  1. Yes, as I described above. I do have them retained on the server but email/sms/etc is not checked. I in fact removed the default email address for those events as well and I have another 48 emails since I posted this question. The policies are administrated via the Security Center so there is no general->interface-Notifications; there is Event Configuration and 4 tabs for Critical, Functional Failure, Warning and Info. I have disabled related in both tabs where it exists. I really don’t want to completely disable tracking, just notification.

  2. Specifically, I am tired of getting notices about people trying to interact with USB drives. I have disabled email notices for all events related to prohibited device access but I still get them all day every day. Here is an example:

    Application: Kaspersky Endpoint Security for Windows
    Operating system: Windows 10 64-bit
    Computer name: XXXXXXX
    Domain: XXX
    Notifications:
    Critical event: 1/6/2022 7:38:08 AM:
    Event type: Operation with the device prohibited
    Device category: Device
    Device type/Bus type: Removable drives
    Device ID: USBSTOR\DISK&VEN_SMI&PROD___READER&REV_1.00\12345678901234567890&0
    Device VID/PID: VEN_SMI&PROD___READER
    User: NT AUTHORITY\SYSTEM (Initiator)
    Result\Decision: Block
    Result\Operation: Write
     

    I have critical Operation with the device set without email notification and storage for 7 days as well as Warning Device Connection Blocked set the same way. Obviously it’s triggered on the critical event. I would just like the emails to stop. Any suggestions?

     

     
