Notification delivery
May 15, 2024
ID 58433
Notification is an email message that contains information about an event, which occurred on a protected SharePoint Server.
Kaspersky Security supports the delivery of notifications on the following events in the application:
- Detection of infected, password-protected, and corrupted objects, or unwanted content during an on-access scan
- Detection of infected, password-protected, and corrupted objects, or unwanted content during an on-demand scan
- Change of database status and condition
- Execution of an on-demand scan task and its results
- Detection of inactive SharePoint servers
- License-related events
Kaspersky Security sends event notifications by email. The application uses a SMTP server to send notifications. You can select an SMTP server used on SharePoint or specify a different SMTP server.
You can specify notification recipients for each event. By default, no notification recipients are specified.
You can edit the text in the automatic notification of events that are logged by anti-virus scanning and content filtering. When making templates for notifications about events related to on-access and on-demand scans, you can use the following variables:
Variables in notification templates
Variable name | Variable value |
%ACTION% | The application's action on the object. |
%AUTHOR% | Name of the user who is the file author. If the user cannot be recognized (e.g., during an on-demand scan), the variable takes on the value |
%BACKUP_RESULT% | Object backup result. |
%FARM_NAME% | Name of the server farm associated with the event. |
%FILE_NAME% | Name of the object scanned by the application. |
%FILE_URL% | Path to the object on SharePoint. |
%FILE_VERSION% | Version of the file scanned by the application. This variable can only be used in notifications about events of an on-demand scan. |
%INCIDENT_ID% | Unique ID of the incident. The ID allows finding information about the event in the application event log and Backup. |
%LAST_MODIFIER% | Name of the user who has been the last to make any changes to the file. If the user cannot be recognized (e.g., during an on-demand scan), the variable takes on the value |
%ODS_TASK_NAME% | Name of an on-demand scan task. This variable can only be used in notifications about events of an on-demand scan. |
%OPERATION_TYPE% | The user's action on the object (e.g., downloading the file from a SharePoint website to the user's computer). This variable can only be used in notifications about events of an on-access scan. |
%SERVER_LOCAL_DATETIME% | Date and time the malicious object or unwanted content was detected on the server. The variable takes on the value of the local time of the server. |
%SERVER_NAME% | Name of the server associated with the event. |
%THREAT_DESCRITION% | Name of the virus or category of unwanted words and phrases. |
%USER% | Name of the user associated with the event. This variable can only be used in notifications about events of an on-access scan. |
%UTC_OFFSET% | Time shift regarding UTC (Coordinated Universal Time). |
For other events (such as changes in the database status and condition, or license-related events), the notification text remains unchanged.
Notifications about license-related events
Kaspersky Security checks licenses of Security Server and the DLP Module after each database update. The application sends notifications about license-related events in the following cases:
- If the license expires soon
The application sends the notification once per day (at 12:00 A.M. UTC) if both the active key and the additional key expire. By default, the application starts sending notifications 15 days before this event. You can change the term for sending the license expiration notification.
- If the license already expired
The application sends the notification once per day (at 12:00 A.M. UTC) if the active key expired and no additional key is available.
- If the active key has been added to the black list of keys
When updating anti-virus databases, the application checks the black list of keys for active keys. The application sends a notification if at least one active key has been found in the black list of keys.
Kaspersky Security sends special notifications about events related to Security Server and DLP Module licenses.
