Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

How can we improve Configuration Manager?

← Ideas

More granular settings for Endpoint Protection alerts for malware detection and alerting.

Currently SCCM lets you enable/disable some settings like the newer feature of PUA. It does not allow for alerts of malware and Endpoint Protection to be configured independently. Just because I want it detected, may not mean I wanted it reported on. We like PUA's being detected, but we do not want to be alerted on PUA, because we get too many each week, most of which are valid installers we use. We do not want to exclude them, because a new version of the .exe may have something we are not aware of. I would like to see alerts for malware granular enough that we can determine which classes of malware we get alerted on. Perhaps I want to be alerted to virus, worm, Trojan, but not PUA (or PUP). Some classes I would want to perhaps control independently would be worm, virus, Trojan, adware, spyware, ransomware, Rootkit, PUA (or PUP), and possibly keylogger. This list may not be all inclusive of every type of malware but its a good start. PUA is a low threat so we would not want to be alerted. We may want to alert out network team to any worms, so they may want a separate alert for worm specific infections. Ransomware may need to go to our security department. Each category may potentially have a different type of alert setup or may rank differently. We may have a daily alert sent out one way, and then a weekly alert sent out differently.

40 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Jamison Moklak shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

2 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Julius commented  ·   ·  Flag as inappropriate

    There are time these alerts cause problems and lead to engineer exhaustion fatigue related to a million PUA detections. Usually all in one night and about once a year it seems. Would be nice for Microsoft to do something about it finally.

  • Anonymous commented  ·   ·  Flag as inappropriate

    I agree with this idea. I want to know in the console when things are detected, but my malware alert subscriptions are causing fatigue with all the PUA alerts I get from a few school districts we manage. We haven't yet removed admin rights from the users (working on it...) in those districts so seeing AskToolbar is a problem for them, not me and I don't want to be alerted to it.

Ideas: Endpoint Protection

Categories

Feedback and Knowledge Base

(thinking…)