A notification is an email message or Windows log entry that contains information about an event in Kaspersky Security operations on a protected Microsoft Exchange server.
You can configure the receipt of notifications about the following events in application operations:
Sending notifications by email
Kaspersky Security sends event notifications by email. The application uses the Microsoft Exchange server web service to send notifications. Before using notifications, you must specify the web service address and the authentication settings on the Microsoft Exchange Server.
You can specify notification recipients for every event. By default, no notification recipients are specified.
Kaspersky Security allows you to enable event recording to the Windows Event Log (for all events except those related to system errors). Kaspersky Security does not email notifications about the detection of messages containing spam. You can enable the logging of events about the detection of messages containing spam in the Windows Event Log.
Notifications about the detection of objects in messages during scanning by the Anti-Virus module
Kaspersky Security allows you to receive notifications of the following events:
Notifications about these events contain detailed information about the message in which the object was detected and about the actions that the application performed on the object and the message. The text of these notifications is generated on the basis of preset templates. You can configure templates for each event and each recipient individually. This allows you to create individual notification text for each particular case.
When creating templates, you can use the following variables in the message text.
Kaspersky Security sends one notification on detection of objects of each type in a single message, regardless of the number of objects detected. For example, if five infected objects and two corrupted objects were detected in a message, Kaspersky Security sends one notification on detection of infected objects and one notification on detection of corrupted objects.
If a scan of a user mailbox detected infected, password-protected, or corrupted messages, or messages with attachments that meet the filtering criteria, and if sending notifications to email addresses of external senders and recipients has been enabled, then the application will send such notifications to recipients specified in the To field of each message. Notifications will also be sent even if messages have not actually gone out of the user mailbox (if they, for example, have been saved in the Drafts folder with the To field filled in).
Sending notifications on object processing to external message senders and recipients
By default, Kaspersky Security allows sending notifications on object processing only to internal email addresses of senders and recipients of messages scanned.
An email address is classified as internal if it belongs to a domain listed among Accepted Domains of protected Microsoft Exchange servers in your organization.
If the address list of your company contains contacts with addresses from another company, these addresses are classified as external.
Notifications about license-related events
Kaspersky Security creates the following notifications of license-related events:
This notification is sent after every update of the application databases on the Security Server if the active key of the Security Server or the DLP Module has been blacklisted. Every Security Server on which a key was added that had been blacklisted, sends a notification. The application sends different notifications on a key of the Security Server or a key of the DLP Module being blacklisted.
This notification is sent once every 24 hours (00:00 UTC) according to the value of the setting defined in the Notify about license expiration in advance (days before) field in the Notifications node. The validity period of the active and additional keys of the Security Server and DLP Module is taken into account when a notification is sent.
This notification is sent once every 24 hours (00:00 UTC) if the application has not been able to connect to the Kaspersky Lab activation servers to confirm the license status in a long time.
This notification is sent once every 24 hours (00:00 UTC) if the active key has expired and an additional key is missing or the subscription period has expired. Notifications are sent for the Security Server key and for the DLP Module key.
This notification is sent once every 24 hours (00:00 UTC) if the license status could not be updated because the application has not been able to connect to the Kaspersky Lab activation servers to confirm the license status in a long time, and the license status update period has expired.
Notifications about the detection of messages containing spam
You can enable logging to the Windows Event Log for the following events:
You can configure individual templates for each event. This allows you to create individual notification text for each particular case.
When creating templates, you can use the following variables in the message text.