[CLOSED] Bombarded with Notifications

robertd
Registered user
Posts: 104
Joined: Wed, 25 Apr 2012, 00:25

[CLOSED] Bombarded with Notifications

Post by robertd » Mon, 06 Jan 2014, 23:40

I have email notifications enabled because I want to be notified of viruses etc. However, after enabling the URL filter, a couple different URLs are being blocked daily by various machines and it seems each time one is blocked, I get 5 to 10 emails. Below are examples of the messages. It's always the same two domain names, korrelate.net or ixiaa.com. First of all, I wonder if this is simply a false positive? Second, Panda should send one email, not 5 to 10, each time it's blocked.

Panda Endpoint Protection has detected the following threat:
TYPE: URL with malware
COMPUTER: PC-937
PATH: https://*.korrelate.net
FILE: https://*.korrelate.net
RESULT: Virus deleted
MORE INFORMATION: {ExtendUrlMalwareInfo}

Panda Endpoint Protection has detected the following threat:
TYPE: URL with malware
COMPUTER: PC-958
PATH: https://s.ixiaa.com
FILE: https://s.ixiaa.com
RESULT: Virus deleted
MORE INFORMATION: {ExtendUrlMalwareInfo}

JAMPanda
Official moderator
Posts: 20
Joined: Thu, 28 Jun 2012, 15:42

Re: Bombarded with Notifications

Post by JAMPanda » Fri, 28 Feb 2014, 18:21

Hi robertd,

The detection emails can become a little overwhelming if you've got an environment where there are a lot of individual hits. Most clients have opted for creating a specific email address that they can enact some rules on so that you're only notified with specific types of detections. That may help cut down on the number of messages you're having to weed through.

Regarding the URL detections, most of the hits of this nature are detected because they are listed as Spam Sites due to their information tracking practices (i.e. farming information from those emails or web links that do not send you directly to the intended destination). Many of these domains can be analyzed and whitelisted (see: re-categorized), so if you come up against any that you feel warrant review, you can contact your local Panda Technical Support team and they should be able to process the request for analysis. If the investigation comes back clean, the URLs will be whitelisted and you should no longer experience the detections.

I hope this helps.

robertd
Registered user
Posts: 104
Joined: Wed, 25 Apr 2012, 00:25

Re: Bombarded with Notifications

Post by robertd » Thu, 22 May 2014, 17:29

The issue isn't with a lot of individual hits. When one person loads one website which is flagged, I get 5 to 20 emails at once. It seems like it should only send one email or at least give us control to adjust the email settings.

If it's a tracking cookie that's being blocked, it shouldn't notify the user that a virus was blocked since it's not a virus/malware. In addition, the email should say a tracking cookie was blocked, not malware.

It would be nice if there was a way to submit a URL for review through the console instead of having to contact a local support rep.
Last edited by EagleEye on Tue, 02 Sep 2014, 11:35, edited 1 time in total.
Reason: Following this suggestion, the following Support article was published http://www.pandasecurity.com/usa/enterprise/support/card?id=50083
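
Added example, not part of the original posts and not Panda code: one way to implement the "dedicated mailbox with rules" approach from the thread is to parse each notification body and collapse repeats of the same detection into a single alert with a count. The function names, the 10-minute window and the sample timestamps are assumptions; fetching the messages from the mailbox is left out.

```python
import re
from datetime import datetime, timedelta

# Field labels as they appear in the notification bodies quoted in this thread.
LABELS = ["TYPE", "COMPUTER", "PATH", "FILE", "RESULT", "MORE INFORMATION"]
_ALT = "|".join(re.escape(label) for label in LABELS)
# A value runs until the next known label or the end of the body, so the
# parser handles one-line and one-field-per-line bodies alike.
_FIELD_RE = re.compile(rf"\b({_ALT}):\s*(.*?)\s*(?=\b(?:{_ALT}):|\Z)", re.S)

def parse_notification(body):
    """Return {label: value} for one notification body."""
    return dict(_FIELD_RE.findall(body))

def collapse(messages, window=timedelta(minutes=10), only_types=None):
    """Merge repeats of the same (TYPE, COMPUTER, PATH) into one alert.

    messages: iterable of (received_at, body). A repeat arriving within
    `window` of the previous copy is counted, not reported again.
    The 10-minute default is an assumption, not a vendor setting.
    """
    alerts, latest = [], {}
    for received, body in sorted(messages, key=lambda m: m[0]):
        fields = parse_notification(body)
        if only_types is not None and fields.get("TYPE") not in only_types:
            continue  # drop detection types nobody needs to be mailed about
        key = (fields.get("TYPE"), fields.get("COMPUTER"), fields.get("PATH"))
        cur = latest.get(key)
        if cur is not None and received - cur["last_seen"] <= window:
            cur["count"] += 1
            cur["last_seen"] = received
        else:
            cur = {"key": key, "result": fields.get("RESULT"),
                   "first_seen": received, "last_seen": received, "count": 1}
            latest[key] = cur
            alerts.append(cur)
    return alerts

# Constructed sample: the body layout and values are from the messages
# quoted above; timestamps and burst sizes are made up.
TEMPLATE = ("Panda Endpoint Protection has detected the following threat: "
            "TYPE: URL with malware COMPUTER: {pc} PATH: {url} FILE: {url} "
            "RESULT: Virus deleted MORE INFORMATION: {{ExtendUrlMalwareInfo}}")
A = TEMPLATE.format(pc="PC-937", url="https://*.korrelate.net")
B = TEMPLATE.format(pc="PC-958", url="https://s.ixiaa.com")
T0 = datetime(2014, 1, 6, 9, 0, 0)
SAMPLE = ([(T0 + timedelta(seconds=i), A) for i in range(6)]
          + [(T0 + timedelta(seconds=30), B), (T0 + timedelta(hours=1), A)])

if __name__ == "__main__":
    for alert in collapse(SAMPLE):
        print(alert["first_seen"], alert["count"], *alert["key"])
```

Passing `only_types` keeps only the detection types worth a mail, which matches the moderator's suggestion of being notified for specific types only.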
