Chapter 5: Configuring Event Notifications

  • Article

 

Applies to: Forefront Security for SharePoint

Event notifications provide a convenient way for administrators to get information about virus and filtering events without having to continually check the Incidents Log. Following the steps described in this chapter, you can configure notifications to be sent automatically to the e-mail address of the administrator you specify.

You can also use notifications to inform users about actions taken on their SharePoint files. By writing these clearly and explicitly, you can help your users understand what has happened, help alleviate any concerns, or inform them of who to contact for more information.

Not only can such notifications reduce help desk calls, but they can help enhance the security of your environment. For example, if a user has sent a file in which a virus was detected, their computer may have been infected in some way. Your notification can provide specific instructions such as “Please turn off your computer immediately and call the Emergency Virus Hotline at…” This can help stop the spread of viruses from that computer and possibly prevent further damage.

In this chapter

Configuring notifications

To configure a notification

About dynamic keywords

To turn off a notification

Configuring notifications

Typically, each notification is used to report the details of a virus infection or the results of file and keyword filtering and includes the name of the virus and the action taken on the infected or filtered file. Forefront Security for SharePoint notifications are organized by:

  • The type of event reported: either virus detection or the results of filtering.
  • The recipient: Administrator (as identified in the setup of Forefront Security for SharePoint), Author, (the person who created the file in question), and Last Modified User (the last person to modify the file in question).

You take two steps to set up and send notifications:

  1. In the Notification work pane, you enable the message to be sent to administrators and users.
  2. To send enabled notifications, check Send Notifications when you configure specific scan jobs (Selecting and Configuring Antivirus Scan Engines) or filters (Configuring File and Keyword Filters).

Note

You must configure an SMTP server for SharePoint Portal Server to use when sending the e-mail notifications.

To configure a notification

  1. Under REPORT, click Notification.
  2. Under Name, select the notification you want to send.
    Make sure it is Enabled. If is not, click Enable at screen right.
    c032a514-71ce-4b9f-a884-d7f0242daa98
  3. Fill in the To: field just as you would for an e-mail address (keeping in mind the information below).
    The list of those who can receive notifications includes aliases and groups. User names must follow the syntax below:
    • For servers in a domain: domain\username
    • For servers in a workgroup: servername\username
  4. Fill in the Subject: and Body: fields.
    You can use the default text provided or write a new subject line and message using dynamic keywords. (Find out more about dynamic keywords.)
  5. To insert a dynamic keyword, right-click in the Subject: or Body: field where you want to insert it, and select Paste Keyword from the list.
    87018763-7b8b-438a-8538-13b465842896
  6. Click the dynamic keyword you want to add. Repeat to add other keywords.
  7. Click Save.
  8. If you want to customize another notification, return to Step 2.

About dynamic keywords

These are macros that gather information from the file in which the infection was found or filtering was performed and substitute actual data for the key word.

For example, to include the name of the virus in the Subject of the message, you could use the %Virus% macro in the Subject field: “Forefront Security for SharePoint found the %Virus% virus.” The keyword &Virus& will then be replaced in the e-mail message with the name of the virus. You can include other keywords that, for example, give the name of the file or folder where the problem was found.

To turn off a notification

You may want to disable a notification—for example, if you set one up for a particular virus that’s no longer an issue.

  1. Under REPORT, click Notification.
  2. Under Name, select the notification you want to turn off, and click Disable.
  3. Click Save.