Security Center Sending Email Alerts On Events Not Marked For Email Alerts

[Rick.Cooper]

Specifically, I am tired of getting notices about people trying to interact with USB drives. I have disabled email notices for all events related to prohibited device access but I still get the all day every day. Here is an example:

Application: Kaspersky Endpoint Security for Windows
Operating system: Windows 10 64-bit
Computer name: XXXXXXX
Domain: XXX
Notifications:
Critical event: 1/6/2022 7:38:08 AM:
Event type: Operation with the device prohibited
Device category: Device
Device type/Bus type: Removable drives
Device ID: USBSTOR\DISK&VEN_SMI&PROD___READER&REV_1.00\12345678901234567890&0
Device VID/PID: VEN_SMI&PROD___READER
User: NT AUTHORITY\SYSTEM (Initiator)
Result\Decision: Block
Result\Operation: Write
 

I have critical Operation with the device set without email notification and storage for 7 days

as well as Warning Device Connection Blocked se the same way. Obviously it’s triggered on the critical event. I would just like the emails to stop. Any suggestions? 

 

 

[DonKid]

Have you disabled events in policy?
Click policy properties
Click General settings>Interface>Notifications and uncheck the events you don't want to receive.

[Rick.Cooper]

Yes, as I described above. I do have them retained on the server but email/sms/etc is not checked. I in fact removed the default email address for those events as well and I have another 48 emails since I posted this question. The policies are administrated via the security Center so there is no general->interface-Notifications there is Event Configuration and 4 tabs for Critical, Functional Failure, Warning and Info. I have disabled related in both tabs where it exists. I really don’t want to completely disable tracking just notification

[Rick.Cooper]

My bad I just noticed there is General and then way down, General Settings. I am going through those now and will let you know but I bet you’re on target.

[Rick.Cooper]

That was it, not a single once since going through the interface→notifications. It makes no sense to my how I can disable them in the event configuration notification section and that does nothing but live and learn.

 

Thanks so much