Configuring administrator and user notifications

Event notification settings give you a choice of methods for configuring and composing a message text.

To configure event notification settings:

  1. In the Application Console tree, open the context menu of the Logs and notifications node and select Properties.

    The Logs and notifications settings window opens.

  2. On the Notifications tab select the notification mode:
    1. Select the event for which you wish to select a notification method from the Event type list.
    2. In the Notify administrators or Notify users group settings, select the check box next to the notification methods that you wish to configure.

      You can only configure user notifications for the following events: Object detected, Untrusted external device detected and restricted event, and Network session listed as untrusted event.

  3. To add the text of a message:
    1. Click the Message text button.
    2. In the window that opens, enter the text to be displayed in the corresponding event message.

    You can create the same message for several event types: after selecting a notification method for one event type, use the Ctrl or Shift key to select the other event types for which you want to use the same message, and then click the Message text button.

    1. To add fields with information about an event, click the Macro button and select the relevant fields from the drop-down list. Fields with event information are described in the table in this section.
    2. To restore the default event message text, click the By default button.
  4. To configure how administrators will be notified about a selected event, select the Notifications tab, and in the Settings section, click the Notify administrators button. Then, in the Advanced settings window, configure the selected notification methods. To do this, perform the following actions:
    1. For email notifications, open the Email tab and specify the email addresses of recipients (delimit addresses with semicolon), name or network address of the SMTP server, and port number in the appropriate fields. If necessary, specify the text that will be displayed in the Subject and From fields. The text in the Subject field can also include variables with information about the event (see table below).

      If you want to apply user account authentication when connecting to the SMTP server, select Authentication settings in the Use SMTP authentication group and specify the name and password of the user whose user account will be authenticated.

    2. For notifications using Windows Messenger Service, create a list of recipient protected devices for notifications on the Windows Messenger Service tab: for each protected device that you wish to add, click the Add button and enter its network name in the input field.
    3. To run an executable file, on the Executable file tab, select a file on the local drive of the protected device or enter the full path to it. This file will be run on the protected device when the event occurs. Enter the user name and password which will be used to execute the file.

      System environment variables can be used when the path to the executable file is specified; user environment variables are not allowed.

      If you wish to limit the number of messages of one event type over a period of time, on the Advanced tab, select Do not send the same notification more than and specify the number of times and a time interval.

  5. Click the OK button.

The configured notification settings are saved.

Fields with event information

Variable

Description

%EVENT_TYPE%

Event type.

%EVENT_TIME%

Event time.

%EVENT_SEVERITY%

Importance level.

%OBJECT%

Object name (in Real-Time Computer Protection and On-Demand Scan tasks).

The Software Modules Update task includes the name of the update and the address of the web page with information on the update.

%VIRUS_NAME%

The name of the object according to the Virus Encyclopedia classification. This name is included in the full name of a detected object that Kaspersky Industrial CyberSecurity for Nodes returns on detecting an object. You can view the full name of a detected object in the task log.

%VIRUS_TYPE%

The type of detected object according to the Kaspersky classification, such as "virus" or "trojan". It is included in the full name of a detected object, which is returned by Kaspersky Industrial CyberSecurity for Nodes when it finds an object infected or probably infected. You can view the full name of a detected object in the task log.

%USER_COMPUTER%

In Real-time File Protection tasks, the name of the protected device of the user who accessed the object on the device.

%USER_NAME%

In Real-Time File Protection tasks, the name of the user who accessed the object on the device.

%FROM_COMPUTER%

Name of the protected device where the notification originated.

%EVENT_REASON%

Reason the event occurred (some events do not have this field).

%ERROR_CODE%

Error code (only for the "internal task error" event).

%TASK_NAME%

Task name (only for events related to task performance).

Page top