Jump to content

Security Center Sending Email Alerts On Events Not Marked For Email Alerts


Go to solution Solved by DonKid,

Recommended Posts

Posted

Specifically, I am tired of getting notices about people trying to interact with USB drives. I have disabled email notices for all events related to prohibited device access but I still get the all day every day. Here is an example:

Application: Kaspersky Endpoint Security for Windows
Operating system: Windows 10 64-bit
Computer name: XXXXXXX
Domain: XXX
Notifications:
Critical event: 1/6/2022 7:38:08 AM:
Event type: Operation with the device prohibited
Device category: Device
Device type/Bus type: Removable drives
Device ID: USBSTOR\DISK&VEN_SMI&PROD___READER&REV_1.00\12345678901234567890&0
Device VID/PID: VEN_SMI&PROD___READER
User: NT AUTHORITY\SYSTEM (Initiator)
Result\Decision: Block
Result\Operation: Write
 

I have critical Operation with the device set without email notification and storage for 7 days

as well as Warning Device Connection Blocked se the same way. Obviously it’s triggered on the critical event. I would just like the emails to stop. Any suggestions? 

 

 

  • Solution
Posted

Have you disabled events in policy?
Click policy properties
Click General settings>Interface>Notifications and uncheck the events you don't want to receive.

Posted

Yes, as I described above. I do have them retained on the server but email/sms/etc is not checked. I in fact removed the default email address for those events as well and I have another 48 emails since I posted this question. The policies are administrated via the security Center so there is no general->interface-Notifications there is Event Configuration and 4 tabs for Critical, Functional Failure, Warning and Info. I have disabled related in both tabs where it exists. I really don’t want to completely disable tracking just notification

Posted

My bad I just noticed there is General and then way down, General Settings. I am going through those now and will let you know but I bet you’re on target.

Posted

That was it, not a single once since going through the interface→notifications. It makes no sense to my how I can disable them in the event configuration notification section and that does nothing but live and learn.

 

Thanks so much

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...