
Antipova Anna
Posted

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

There are multiple settings in both KES and KSC that allow you to configure notifications about various events. This article uses the complaint notification as an example (a message sent to the administrator if the user considers the blocking of a page to be mistaken).

Let's review three main scenarios: KES is constantly connected to KSC, KES is connected to KSC intermittently, and KES is not connected to KSC.

KES is always connected to KSC

How to set

To set the address for email notifications, go to Administration Server properties -> Notification delivery settings -> Notification and enter the email address in the Recipients field.

To enable email notifications, do the following:

  1. Open KES policy
  2. Navigate to KES policy -> Event notification -> Warning -> Web page access blockage message to administrator
  3. Press Properties
  4. Mark Notify by email checkbox

What to expect

Once the user fills in the form (how to change the default complaint message is covered later in this article) and presses Send, Network Agent sends the event to KSC. Once KSC receives it, an email notification is sent to the administrator. The default email looks like this:

Event "%EVENT%" happened on computer %COMPUTER% in the domain %DOMAIN% on %RISE_TIME%
%DESCR%

%EVENT%, %COMPUTER%, %DOMAIN% and %RISE_TIME% are self-explanatory, while %DESCR% may raise some questions. It is replaced with the whole message that the user entered in the complaint form.

You can change the format of the email at Administration Server properties -> Notification delivery settings -> Notification. Note that this affects all email notifications.
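If the notifications land in a shared mailbox, the placeholders can be recovered from the message body for triage. The following is an added example, not part of the original article or of any Kaspersky tool: it compiles a template such as the default one above into a regular expression and extracts the fields, treating %DESCR% as untrusted user text. The sample host, domain and timestamp format are constructed assumptions.

```python
import re

# Default notification body template, as shown in this article.
DEFAULT_TEMPLATE = ('Event "%EVENT%" happened on computer %COMPUTER% '
                    'in the domain %DOMAIN% on %RISE_TIME%\n%DESCR%')
PLACEHOLDER = re.compile(r'%([A-Z_]+)%')


def template_to_regex(template):
    """Build a regex with one named group per %PLACEHOLDER% in the template."""
    parts, pos, seen = [], 0, set()
    for m in PLACEHOLDER.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        name = m.group(1)
        if name in seen:
            parts.append('(?P=%s)' % name)             # repeated placeholder
        elif name == 'DESCR':
            parts.append('(?P<DESCR>.*)')              # user text, may span lines
        else:
            parts.append(r'(?P<%s>[^\r\n]*?)' % name)  # system field, one line
        seen.add(name)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile(''.join(parts), re.DOTALL)


def parse_notification(body, template=DEFAULT_TEMPLATE):
    """Return the placeholder values from a notification body, or None."""
    text = body.replace('\r\n', '\n').lstrip()
    m = template_to_regex(template).fullmatch(text)
    if m is None:
        return None
    return {k: v.strip() for k, v in m.groupdict().items()}


# Constructed sample. The complaint text (DESCR) contains a line that imitates
# the header; it must stay inside DESCR and not override the real fields.
SAMPLE = (
    'Event "Web page access blockage message to administrator" happened on '
    'computer WS-0142 in the domain EXAMPLE on 2024-01-01 10:00:00\r\n'
    'Please unblock http://intranet.example/wiki\r\n'
    'Event "Fake" happened on computer DC01 in the domain X on now\r\n'
)

if __name__ == '__main__':
    for key, value in parse_notification(SAMPLE).items():
        print('%-10s %r' % (key, value))
```

If the template is changed in the Notification settings, pass the new template string as the second argument so the parser stays in step with it.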

KES is not connected to KSC

How to set

  1. Open KES GUI
  2. Navigate to Settings -> Endpoint control -> Web Control and press Templates
  3. Switch to Message to administrator tab
  4. Enter the address for notifications in the To field
  5. Change the Subject of the email and the notification text if required
  6. Open General Settings -> Interface -> Notifications Settings and configure the SMTP client connection settings in the "Email notification settings" menu of Notifications

What to expect

Once the user fills in the form (how to change the default complaint message is covered later in this article) and presses Send, KES sends an email to the specified address. It contains everything the user entered in the form.

KES is connected to KSC from time to time

How to set

  1. Follow the steps described in the KES is always connected to KSC section. This configures KES for the time when it has a connection to KSC.
  2. Do the same as described in KES is not connected to KSC, with one difference: make the changes in the policy, not in the KES local settings. This configures KES for the time when it is not connected to KSC:
    1. Open KES policy
    2. Navigate to Endpoint control -> Web Control and press Templates
    3. Set the email address that will receive notifications when KES is not connected to KSC
    4. Change the Subject of the email and the notification text if required

What to expect

When KES has a connection to KSC, you will receive the message from KSC described in the KES is always connected to KSC section. When KES has no connection to KSC, you will receive the email from KES described in the KES is not connected to KSC section. The same goes for cases when an out-of-office policy is used.

How it works

As noted earlier, when you manage KES using Kaspersky Security Center, you can specify two methods of email notification delivery. Both of them can be configured in the KES policy.

KSC settings

Open the KES policy properties, navigate to “Event configuration”, select the event that you are interested in, and mark “Notify by email”.

In this case, the Network Agent transport is used to deliver the notification to KSC, and KSC then sends an email to the specified recipients.

If you are tracing KES activity, specialized information is recorded in KES.version.date.time.PID.connector.log and KES.version.date.time.PID.SRV.log for each event sent by the Nagent transport.

KES settings

Open the KES policy, go to General Settings -> Interface -> Notifications Settings, and leave the check marks in the "Notify by email" column next to the events that you are interested in.

You will also have to configure the SMTP client connection settings in the "Email notification settings" menu of Notifications.

In this case, KES sends emails using its own mail client, from the computer where the event was registered.

KES actions are recorded in KES.version.date.time.PID.SRV.log
