A notification is a message that contains information about an event in Kaspersky Security operations on a protected Microsoft Exchange server.
You can configure the receipt of notifications about the following events in application operations:
Depending on the type of event, the application may send a notification about the event in the form of an email message, or log the information to the Windows Event Log.
You can enable Windows Event logging for all notifications except those about the status of Anti-Virus and Anti-Spam databases and about system errors in application operations.
If the organization is managing the application through Kaspersky Security Center and Windows Event logging is enabled, information about the following events is additionally transmitted to Kaspersky Security Center:
Kaspersky Security does not email notifications about the detection of spam messages, mass emails, or messages containing phishing links. You can enable Windows Event logging for these events.
Notifications contain detailed information about the message in which the object was detected and about the actions that the application performed in relation to the specific detection. The text of notifications is generated based on preset templates. For certain events, you can create individual notification templates.
Sending notifications by email
Kaspersky Security sends event notifications by email. The application uses the Microsoft Exchange server web service to send notifications. Before using notifications, you must specify the web service address and the authentication settings on the Microsoft Exchange Server.
You can specify notification recipients for every event.
The recipient of any notification sent by email can be an administrator or any other email address. You can additionally notify the message sender and recipients about the detection of infected or password-protected objects, and about filtered attachments and content. The recipient is the email address specified in the "To" field of the message. When an object is detected in the mailbox of an internal user of the organization, notifications will be sent even if messages have not actually been sent out of the mailbox (for example, if they have been saved in the Drafts folder with the "To" field filled in).
By default, no notification recipients are specified.
Forwarding notifications to external senders and recipients of messages
By default, Kaspersky Security sends notifications about object processing only to the internal email addresses of the senders and recipients of scanned messages.
An email address is classified as internal if it belongs to a domain listed among Accepted Domains of protected Microsoft Exchange servers in your organization.
If the address list of your company contains contacts with addresses from another company, these addresses are classified as external.
Notifications based on the Anti-Virus module scan results
Kaspersky Security lets you receive individual notifications when the following events occur:
For each message, Kaspersky Security sends one notification per type of detected object, regardless of the number of objects detected. For example, if five infected objects and two password-protected objects were detected in a message, Kaspersky Security sends one notification about the detection of infected objects and one notification about the detection of password-protected objects.
Notifications based on the Anti-Spam module scan results
Kaspersky Security can write information about the following events to the Windows Event Log:
Notifications about license-related events
Kaspersky Security creates the following notifications of license-related events:
This notification is sent after every update of the application databases on the Security Server if the active key of the Security Server is on the key denylist. A notification is sent by each Security Server with an added key that is found in the key denylist.
This notification is sent once every 24 hours (00:00 UTC) according to the value of the setting defined in the Notify about license expiration in advance (days before) field in the Notifications node. The validity period of the active and reserve keys of the Security Server is taken into account when a notification is sent.
This notification is sent once every 24 hours (00:00 UTC) if the application has not been able to connect to the Kaspersky activation servers to confirm the license status for a long time.
This notification is sent once every 24 hours (00:00 UTC) if the active key has expired and a reserve key is missing or the subscription period has expired.
This notification is sent once every 24 hours (00:00 UTC) if the license status could not be updated because the application has not been able to connect to the Kaspersky activation servers to confirm the license status for a long time, and the license status update period has expired.