Investigate McAfee Alert Manager for use as a central VirusScan reporting tool … ReTS#3540
McAfee Alert Manager v4.7.1
McAfee Alert Manager is a central collection point for alert messages generated by McAfee AntiVirus scanning products in response to virus detection, virus definition file updates, and other significant events.
I’ll use REDMOND for the initial install and config, with the reporting being emailed to virus@edfac

Note that you configure your client anti-virus software to point at the server where Alert Manager is installed. You do not configure Alert Manager to point at your client systems.


Client configured for \\REDMOND as the Alert Manager server

A quick test via the EICAR test file [3] shows that things appear to be working;
From: virus@edfac.....
Subject: VIRUS: Alert Manager
To: virus@edfac......

The file C:\Documents and Settings\dcr\Desktop\eicar.txt is infected with the EICAR test file Test. No cleaner available, quarantined successfully. Detected using Scan engine version 4400 DAT version 4615. (from CF22877W IP 128.250.151.108 user CF22877W running VirusScan Enter 8.0 OAS)

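For central reporting, alert mails like the one above can be parsed into fields once they arrive at the virus@ mailbox. This is an added example, not part of the original notes or of McAfee's tooling; the pattern is modelled only on the single message shown above, and the second and third sample bodies (host LAB-PC-02, 192.0.2.12) are constructed.

```python
import re
from collections import Counter

# Modelled on the one alert body quoted in these notes (assumption: other
# Alert Manager message templates will need their own patterns).
ALERT_RE = re.compile(
    r"The file (?P<path>.+?) is infected with (?:the )?(?P<detection>.+?)\. "
    r"(?P<action>.+?)\. Detected using Scan engine version (?P<engine>\d+) "
    r"DAT version (?P<dat>\d+)\. \(from (?P<host>\S+) IP (?P<ip>\S+) "
    r"user (?P<user>\S+) running (?P<product>.+)\)"
)

SAMPLE_BODIES = [
    # The EICAR test alert from these notes.
    r"The file C:\Documents and Settings\dcr\Desktop\eicar.txt is infected "
    r"with the EICAR test file Test. No cleaner available, quarantined "
    r"successfully. Detected using Scan engine version 4400 DAT version 4615. "
    r"(from CF22877W IP 128.250.151.108 user CF22877W running VirusScan Enter 8.0 OAS)",
    # Constructed: a lab client still on an older DAT.
    r"The file C:\Temp\eicar.com is infected with the EICAR test file Test. "
    r"No cleaner available, quarantined successfully. Detected using Scan "
    r"engine version 4400 DAT version 4610. "
    r"(from LAB-PC-02 IP 192.0.2.12 user student running VirusScan Enter 8.0 OAS)",
    # Constructed: a non-detection event that the pattern should not match.
    "Virus definition files were updated.",
]

def parse_alert(body):
    """Return the alert's fields as a dict, or None if the body does not match."""
    match = ALERT_RE.search(" ".join(body.split()))  # undo mail line wrapping
    if match is None:
        return None
    record = match.groupdict()
    record["engine"], record["dat"] = int(record["engine"]), int(record["dat"])
    return record

def summarise(bodies):
    """Count detections per host and list hosts reporting an older DAT."""
    parsed = [parse_alert(b) for b in bodies]
    alerts = [a for a in parsed if a is not None]
    newest = max((a["dat"] for a in alerts), default=0)
    return {
        "detections_per_host": dict(Counter(a["host"] for a in alerts)),
        "stale_dat_hosts": sorted({a["host"] for a in alerts if a["dat"] < newest}),
        "unparsed": parsed.count(None),  # review these by hand
    }

if __name__ == "__main__":
    print(summarise(SAMPLE_BODIES))
```

Hosts listed under stale_dat_hosts are only those that happened to raise an alert; a client that never detects anything will not appear.
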
Next steps;
i) Configure the labs to send to REDMOND
ii) Determine the alert level at which to send alerts (Severity 3+ ?)
i) Configure the labs to send to REDMOND
Can use a REG file to push settings …
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Alert Client\VSE]
"SuppressAlertsBelow"=dword:00000001
"bLocalEventLog"=dword:00000001
"LocalConfig"=dword:00000001
"RemoteConfig"=dword:00000001
"Centralized Alerting Path"=""
; Backslashes in .reg string values are escaped, so \\REDMOND is written as \\\\REDMOND
"Alert Manager Server Path"="\\\\REDMOND"
"AlertType"=dword:00000004
"Alert Manager Logical Name"=""

[1] AMG471_ProductGuide_EN.pdf [NAI]
[2] Release Notes for McAfee(R) Alert Manager(TM) Version 4.7.1 [NAI]
[3] The Anti-Virus test file [eicar]






