This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting Alerts via Email on Drop only

Hello, I recently set the action for the entire Spyware Put group to be drop(red down arrow), instead of drop and alert. However, I am still getting email alerts on anything that is "SPYWARE-PUT Trackware casalemedia runtime detection", I check inside the group and that rule is set for only DROP.

I should not be getting emails if it is set to DROP only correct?

This thread was automatically locked due to age.

0 Billybob over 19 years ago

You only have two options on Intrustion protection. Drop (intrustion prevention) or alert ( intrusion detection). When you change the rule to drop, when it's triggered, it is considered an intrusion prevention and is controlled by your settings under Intrusion Protection --> Settings -->Notification Levels. You can chage the blocked packet notification to none if you prefer not to get any emails. You can tweak that setting to your liking but per rule basis email is not supported.

HTH[:D]
Cancel
Vote Up 0 Vote Down

Cancel
0 seatacsupport over 14 years ago

I have tried google and its pretty unclear what " SPYWARE-PUT Trackware casalemedia runtime detection " is exactly. How can I find out what it is and where it might have orginiated from ??
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 14 years ago

Seatac, in the alert, there wil be a SID (snort ID). You can look up its meaning at: Search for SNORT ID's

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel