
Virus / PUA event email trigger Interval time or Manual trigger

Hi Guys,

As per the subject above, I'd appreciate it if you guys can share the information if you have it, since I'm having a problem receiving the event notification even though the SMTP configuration and test were successful. Thanks

:47912


This thread was automatically locked due to age.
  • Hello Azwan,

    a quite sparse general description, so I'm not sure I understand you correctly and what it is you need to know.

    As you explicitly name Virus/PUA in the subject, I assume you are asking about the Messaging in the AV policy and not the Email Alerts (Warning/Critical level exceeded) from the console? Anyway, I'll try to cover both.

    SMTP configuration and test successful

    The test is very simplistic - it only verifies that an SMTP is listening on port 25, accepting the connection and initiating the dialog. It does not verify that mail would actually be accepted or delivered. This applies both to Endpoint and SEC alerts. Furthermore, the connection is made from the host running the console GUI. Thus a successful test proves neither that the connection would work from an endpoint nor, in case of a remote console, that it would work from the management server.

    As there's no indication that mailing has been attempted or failed (at least with normal logging levels), I'd start with the SMTP logs and check whether a connection has been made or not and, if so, what happened to the message.

    Christian   

    :47922
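The gap described in the reply above, as an added example that is not part of the thread and not Sophos code: a constructed loopback SMTP server greets with 220 but refuses every recipient, so a banner-only check passes while an envelope check reports the refusal. The server class, function names and addresses are assumptions made for the illustration.

```python
import smtplib, socket, socketserver, threading

class RelayDenied(socketserver.StreamRequestHandler):
    """Constructed stand-in server: greets, accepts MAIL FROM, refuses RCPT TO."""
    def handle(self):
        self.wfile.write(b"220 relay.invalid ESMTP\r\n")
        for raw in self.rfile:
            verb = raw.decode("ascii", "replace").strip().upper()
            if verb.startswith("QUIT"):
                self.wfile.write(b"221 Bye\r\n")
                return
            if verb.startswith("RCPT TO"):
                self.wfile.write(b"550 5.7.1 Relaying denied\r\n")
            else:  # EHLO, MAIL FROM and anything else
                self.wfile.write(b"250 OK\r\n")

def banner_check(host, port):
    """Connect and read the greeting only, as the thread describes the console test."""
    with socket.create_connection((host, port), timeout=5) as s:
        return s.recv(512).startswith(b"220")

def envelope_check(host, port, sender, rcpt):
    """Walk EHLO / MAIL FROM / RCPT TO and return the first refusal; no DATA is sent."""
    with smtplib.SMTP(host, port, local_hostname="client.invalid", timeout=5) as smtp:
        smtp.ehlo()
        for stage, call, arg in (("MAIL FROM", smtp.mail, sender), ("RCPT TO", smtp.rcpt, rcpt)):
            code, msg = call(arg)
            if code not in (250, 251):
                return (stage, code, msg.decode())
        return ("accepted", code, msg.decode())

def demo():
    """Run both checks against the constructed server on a free loopback port."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), RelayDenied) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        host, port = srv.server_address
        try:
            return banner_check(host, port), envelope_check(
                host, port, "sec@example.invalid", "admin@example.invalid")
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(demo())  # constructed addresses; point the checks at a real relay in practice
```

Run the envelope check from the machine that would actually send the alert (endpoint or management server), since that is the connection path the console test does not exercise.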
  • Hi Christian,

    Thanks for the feedback. I have done a simple virus detection on a client machine with the EICAR test file, and the status updated at the console within a few seconds after the scan finished.

    However, SMTP didn't detect or log any connection from SEC for the email alert, so back to the question: how to force or manually trigger SEC to send an email alert to SMTP (with the SMTP test successful), or does SEC have a certain interval time and retry session?

    :47968
  • Hello Azwan,

    it sounds like you expect the mail to be sent from SEC.

    SEC does not alert you about individual events on the endpoints but only when levels are exceeded (but this would be the case if there is currently no computer with such an alert and the levels are set to 0.00%). Exceeded means that the dashboard status changes "up" to Warning or Critical.

    Christian

    :47976