I’m trying to configure Comodo One MSP so, that in case an endpoint detects malware/virus, a ticket and a notification/email is generated with the details and info regarding the system.
I can’t find how to do that.
Any procedure or ‘How to’ to do that?
Thanks in advance
Hello @ailan,
ITSM can be configured to send alert emails to selected administrators and users on events like detection of a new infection.
You can refer to our in-depth guide on how to configure email notifications during an infection here:
https://help.comodo.com/topic-399-1-…fications.html
Thank you.
What will you do with that alert? Go clean the computer?
This type of alert would be good because all sorts of actions like double check backup, prevent spreading etc needs to be done.
For a lot of reasons:
1st: it’s always good to be aware of a malware/virus detection and to be on top of a possible outbreak. (like spreading as StrobeTech commented.)
2nd: to keep track of exceptional user or system behaviour. If a user or systems has a lot of detections then maybe the user is doing something wrong on the system.
Agreed. Specifically point 2.
Thanks for the responds.
I configured that (https://help.comodo.com/topic-399-1-…fications.html) but still no notifications or email at a detection.
I checked this by downloading/opening an EICAR testfile. The file is detected, and I can choose to clean or ignore it.
What I want is that a ticket or email is generated for that instance.
I only saw one notification that ‘The list of quarantine items on the device was updated’ which directed me to the quarantine list. But even there the EICAR testfiles weren’t listed.
Are there any other settings I can try?
On a managed virusscan platform that would be one of the first things you want to configure, I think.
Thanks.
Hi @ailan ,
Thank you for bringing this issue to our attention.
We want to further investigate your issue and we will get in touch with your shortly via email.
Do you realize if you use our endpoint security you don’t have to worry about it?
Is that so? I wonder what will happen if the user is not aware of a malwarefile and chooses to ignore the warning and opens the infected file.
Hello @ailan,
Excellent question. The platform is designed to handle such instances once a similar event arises, even on white-listed file paths.
The protection that each endpoint will receive depends on the profile that is associated with it. There are numerous protection components that we offer, from File Rating system, Antivirus, HIPS, Containment, etc. You can learn more about each component containing a description of each here:
File Rating: https://help.comodo.com/topic-399-1-786-10203-File-Rating-Settings.html
Antivirus: https://help.comodo.com/topic-399-1-786-10202-Antivirus-Settings.html
Firewall: https://help.comodo.com/topic-399-1-786-10204-Firewall-Settings-.html
HIPS: https://help.comodo.com/topic-399-1-786-10207-HIPS-Settings.html
Containment: https://help.comodo.com/topic-399-1-786-10205-Containment-Settings.html
Virusscope: https://help.comodo.com/topic-399-1-786-10206-VirusScope-Settings.html
Valkyrie: https://help.comodo.com/topic-399-1-786-10208-Valkyrie-Settings.html
If you are uncertain about a file and want a safe environment to test the file, you can try using the Shared Space feature of the CIS/CCS. Our protection suite will create a virtual desktop using a similar environment that the suite is connected to and you will see if how the file would react in the virtual environment.
You can learn more about Shared Space here:
https://help.comodo.com/topic-72-1-522-6278-Starting-the-Virtual-Kiosk.html
Thank you.
Thank you for the links Riley. I was aware of the different layers of protection, which is good and can tackle ignorance of a user in most cases.
But then, I think it’s better that not only the client see’s the warning of detection, but that the system could be configured that also the system administrator or MSP gets a signal via a email or ticket.
Regards
Hello @ailan,
We will further investigate the issue through the email that was sent earlier.
Thank you.
As @melih says we should not have to worry, but id rather have a tick created as I know users will panic, phone and ask.
if we are aware before the call it looks more professional and if any actions are needed we already have this covered.