Notifications
April 2, 2024
ID 139450
A notification is a message that contains information about an event in Kaspersky Security operations on a protected Microsoft Exchange server.
You can configure the receipt of notifications about the following events in application operations:
- Detection of infected or password-protected objects in messages
- Detection of spam messages, mass emails, and messages containing phishing links
- Detection of content and attachments that meet the filtering criteria
- Detection of a stream of same-type messages sent from an internal corporate mailbox
- Change of the status and condition of Anti-Virus and Anti-Spam databases
- License expiration, and other license-related events
- System errors
Depending on the type of event, the application may send a notification about the event in the form of an email message, or log the information to the Windows Event Log.
You can enable Windows Event logging for all notifications except information about the status of Anti-Virus and Anti-Spam databases and about system errors in application operations.
If the organization is managing the application through Kaspersky Security Center and Windows Event logging is enabled, information about the following events is additionally transmitted to Kaspersky Security Center:
- Detection of infected or password-protected objects in messages
- Detection of content and attachments that meet the filtering criteria
- License expiration, and other license-related events
Kaspersky Security does not email notifications about the detection of spam messages, mass emails, or messages containing phishing links. You can enable Windows Event logging for these events.
Notifications contain detailed information about the message in which the object was detected and about the actions that the application performed in relation to the specific detection. The text of notifications is generated based on preset templates. For certain events, you can create individual notification templates.
Sending notifications by email
Kaspersky Security sends event notifications by email. The application uses the Microsoft Exchange server web service to send notifications. Before using notifications, you must specify the web service address and the authentication settings on the Microsoft Exchange Server.
You can specify notification recipients for every event.
The recipient of any notification sent by email can be an administrator or any other email address. You can additionally notify the message sender and recipients about the detection of infected or password-protected objects, and about filtered attachments and content. The recipient is the email address specified in the "To" field of the message. When an object is detected in the mailbox of an internal user of the organization, notifications will be sent even if messages have not actually been sent out of the mailbox (for example, if they have been saved in the Drafts folder with the "To" field filled in).
By default, no notification recipients are specified.
Forwarding notifications to external senders and recipients of messages
By default, Kaspersky Security allows sending notifications on object processing only to internal email addresses of senders and recipients of messages scanned.
An email address is classified as internal if it belongs to a domain listed among Accepted Domains of protected Microsoft Exchange servers in your organization.
If the address list of your company contains contacts with addresses from another company, these addresses are classified as external.
Notifications based on the Anti-Virus module scan results
Kaspersky Security lets you receive individual notifications when the following events occur:
- Infected object detected
- Password-protected object detected
- Attachment or content meeting the filtering criteria detected in a message
- Exceeded limit on the number of same-type messages sent from an internal email address
Kaspersky Security sends one notification on detection of objects of each type in a single message, regardless of the number of objects detected. For example, if five infected objects and two password-protected objects were detected in a message, Kaspersky Security sends one notification about the detection of infected objects and one notification about the detection of password-protected objects.
Notifications based on the Anti-Spam module scan results
Kaspersky Security can write information about the following events to the Windows Event Log:
- Spam message detected
- Message containing a phishing link detected
- Message containing mass email detected
Notifications about license-related events
Kaspersky Security creates the following notifications of license-related events:
- Notification about a key being added to the key denylist.
This notification is sent after every update of the application databases on the Security Server if the active key of the Security Server is on the key denylist. A notification is sent by each Security Server with an added key that is found in the key denylist.
- Notification about a pending license expiry.
This notification is sent once every 24 hours (00:00 UTC) according to the value of the setting defined in the Notify about license expiration in advance (days before) field in the Notifications node. The validity period of the active and reserve keys of the Security Server is taken into account when a notification is sent.
- Notification about an error updating the license status.
This notification is sent once every 24 hours (00:00 UTC) if the application has not been able to connect to the Kaspersky activation servers to confirm the license status in a long time.
- Notification about an expired license.
This notification is sent once every 24 hours (00:00 UTC) if the active key has expired and a reserve key is missing or the subscription period has expired.
- Notification about an unsuccessful attempt to update the license status and about the expiration of the license update period.
This notification is sent once every 24 hours (00:00 UTC) if the license status could not be updated because the application has not been able to connect to the Kaspersky activation servers to confirm the license status in a long time, and the license status update period has expired.
