This section lets you configure the two types of alerts generated by the Adaptive Defense 360 local protection.
These are the alerts displayed by the agent on the affected computer when malware, intrusion attempts or unallowed devices are detected.
These are the alerts emailed to the administrator by the Adaptive Defense 360 agent. These alerts contain information about the malware found on the affected computers as well as any violation of the policies defined in the Device Control module.
Select the Send email alerts checkbox to configure the alert message to be sent to the administrator:
From: Allows you to indicate the source email address of the alert. This address must belong to a mailbox managed by the mail server specified below or, at least, be accepted by the configured mail server in order to be forwarded by it. If the 'From' email address is left blank, the alert will be sent from the following address: computer_name@panda.local
Message subject: Enter the subject of the message. This will allow the administrator to add filters to their email client to sort the alert messages received.
Email address: You can enter multiple email addresses separated by a semicolon (;).
SMTP server to send the alert: Enter the IP address of the company's mail server. This address must be accessible from the Adaptive Defense 360 local protection.
The server requires authentication: If the mail server is not an open relay for the company's internal IP addresses, it will be necessary to enter the appropriate credentials to send the alerts. These credentials are sent via the ESMTP protocol, AUTH LOGIN extension.
The email sent by the local protection to the administrator will contain the following basic information:
Malware type: Malware category.
Affected computer: Name of the computer where the malware was found.
Path (if applicable).
File (if applicable): Name of the file where the threat was detected.
Action: Remediation action taken automatically by the local protection.
An alert will be sent every time any of the following events occur:
A malware specimen is detected.
The Device Control module detects an unauthorized action on a device.
To avoid flooding the administrator's mailbox, Adaptive Defense 360 will enter 'epidemic mode' if it detects more than 20 events pertaining to the same malware or the same device in less than a minute.
From then on, a single message will be sent every five minutes with a summary of the events detected. Epidemic mode ends once two or more events of the aforementioned type no longer occur within the same minute.
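The throttling rules above can be modeled as a small per-key state machine, which helps when estimating how many messages a given detection burst will put in the administrator's mailbox. This is an added example, not Adaptive Defense 360 code: the class name, the message tuples, the choice to hold the event that trips the threshold, and the flush of held events when the mode ends are all assumptions.

```python
from collections import defaultdict, deque

WINDOW = 60             # "in less than a minute"
ENTER_THRESHOLD = 20    # "more than 20 events"
SUMMARY_INTERVAL = 300  # "every five minutes"

class AlertThrottle:
    """Hypothetical model; one state per key (a malware name or a device)."""

    def __init__(self):
        self.recent = defaultdict(deque)  # key -> event times in the last minute
        self.epidemic = {}                # key -> {"next": due time, "count": held events}

    def _trim(self, key, now):
        q = self.recent[key]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        return q

    def tick(self, now):
        """Advance the clock; return summaries that become due at `now`."""
        out = []
        for key, state in list(self.epidemic.items()):
            # Exit rule from the text: fewer than two events in the last minute.
            quiet = len(self._trim(key, now)) < 2
            due = now >= state["next"]
            # Assumption: events still held when the mode ends are flushed.
            if state["count"] and (due or quiet):
                out.append(("summary", key, state["count"]))
                state["count"] = 0
            if due:
                state["next"] = now + SUMMARY_INTERVAL
            if quiet:
                del self.epidemic[key]
        return out

    def event(self, key, now):
        """Record one detection; return the messages sent at `now`."""
        out = self.tick(now)
        q = self._trim(key, now)
        q.append(now)
        if key in self.epidemic:
            self.epidemic[key]["count"] += 1  # held for the next summary
        elif len(q) > ENTER_THRESHOLD:
            # Assumption: the event that trips the threshold is held, not mailed.
            self.epidemic[key] = {"next": now + SUMMARY_INTERVAL, "count": 1}
        else:
            out.append(("alert", key, 1))
        return out
```

Times are plain seconds supplied by the caller, so a recorded detection timeline can be replayed through `event()` and `tick()` to see which detections would arrive as individual alerts and which only inside a summary.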
For situations where the organization's internal mail server is down, cannot be accessed by the computer's local protection, or the customer does not have an SMTP mail server, the Adaptive Defense 360 platform can also send email alerts directly to the administrator's account without passing through the organization's internal mail server.
This feature is independent of the profile settings and can be set for the entire managed network by clicking the General settings button and then Preferences.