Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

← Ideas

SCEP Malware Alerts - Customized

SCEP Malware Alerts - Customized
The ability to customize the text and have the ability to select which fields you wish to include within the Malware email alert.

77 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

5 comments

Attach a File
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Adrian commented  ·   ·  Flag as inappropriate

    Here is an example of what a good alert looks like. This should be a minimum of what is sent. Currently the Defender alert notification does not include the file in all cases (process hits), the IP address of the system (hostname is ok but the IP is not always static), a hash of the file (helps with searching for threat data), or true actions of what was done on the threat. At the very lease the alert sent by SCCM should include any and ALL data that Defender reports to the event log on the machine. This is currently not true. Our cyber teams have to search for the log data to get more information that should be in the alert.

    If you wanted to get one step ahead of the competition, create the ability to encrypt and zip the threat once quarantined to allow easy and safe retrieval and/or transmission of the threat for further analysis. Automating this encrypted submission to an internal team would be even better.

  • Adrian commented  ·   ·  Flag as inappropriate

    We should have better flexibility and customizability for SCEP alert capabilities. We can customize many notifications in SCOM to include or remove content gathered by the agent on a specific incident. Being able to create custom or refine existing alert rules would put SCEP on par with every other major AV suite out there like Symantec and McAfee does. We should also be able to specify parties which should receive such alerts individually. This should be fast tracked to the next release if not a feature patch. This is a major pivot point for governmental orgs that need to know what is happening, severity of it, what was done, when it happened or frequency, or other data that our cyber security teams deem necessary to evaluate the threat. The current alerting is insufficient to make an informed determination.

  • Erik Munson commented  ·   ·  Flag as inappropriate

    This is a basic feature that many of our custoers expect and is currently supported by competitive products. This would increase our products competitiveness.

  • Jeff Butte commented  ·   ·  Flag as inappropriate

    Multiple vendor AV products support alert customizations. This would increase competitiveness in the AV space by meeting key customer requirements.

  • Michael Indence commented  ·   ·  Flag as inappropriate

    I like to add to this comment and give an example similar to SCOM. In SCOM I can tailor subscription message to be very specific and customize the format. If we can get a option like that it would be much more effective. Working on a compete Mcafee easily does this. I need to be able to customize the message to include additional info and add additional content to the message body.

Ideas: Endpoint Protection

Feedback and Knowledge Base

(thinking…)