[KB7247] Configure ESET endpoint products to send automated detection notifications (7.x and later)

Issue

  • Configure ESET endpoint client workstations to send event messages or detection messages to a designated email address

Solution

ESET Security Management Center (ESMC) users: Perform these steps in ESMC

  1. Open the main program window of your Windows ESET product.

  2. Press the F5 key to access Advanced Setup.

  3. Click Tools → Notifications and expand Email Notifications.

  4. Click the slider bar next to Send notification by email to enable it.
Figure 1-1
  1. Type the following information in the appropriate fields:
  • SMTP Server - the IP address of your mail server. If the server is outside of your local network, the threat notification messages may be filtered as spam.
  • Username and Password - if your SMTP server requires you to log in using credentials.
  • Sender address - the address that sends the notification emails.
  • Recipient addresses - the address the notification emails will be sent to. Use a semicolon to separate multiple addresses.
Figure 1-2
  1. Expand the Message format section, select the text and variables to include in the notification emails that are displayed on remote computers. In the editable text field, customize the predefined format of event messages and the format of threat warning messages. The system variables below are supported.
  • Select Local from the Charset drop-down menu to enable converting an email to the ANSI character encoding based upon Windows Regional settings.
  • Click the slider bar next to Use Quoted-printable encoding to enable the Quoted-printable format which uses ASCII characters and can correctly transmit special national characters by notification email in 8-bit format.

Pre-defined system variables include:

  • %ComputerName% - Name of the computer where the alert occurred.
  • %ProgramName% - Program that generated the alert.
  • %TimeStamp% - Date and time of the event.
  • %UserName% - Name of the logged user where the alert occurred.
  • %InfectedObject% - Name of infected file, message, etc.
  • %VirusName% - Identification of the infection.
  • %ErrorDescription% - Description of a non-virus event.
  • %Scanner% - Module concerned.
  • %Action% - Action taken over infiltration.
Figure 1-3
  1. Click OK to submit changes and exit Advanced setup. The client workstation will now send threat notifications automatically.