Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - EndPointSecurity Section
  3. Articles

How can I be notified regarding important events generated by GFI EndPointSecurity?

Answer

Using GFI EventsManager, it is possible to collect these events in order to receive alerts and notifications when these events occur.

It is recommended to have four rules created in GFI EventsManager catering for the following events:

Agent stopped not through restart - Event 1001
This rule caters for event 1001, which is generated when the agent service of GFI EndPointSecurity is stopped manually. In most cases, a manual stop will be made by user intervention. Such stopping of the service can be made to disable the protection applied by GFI EndPointSecurity and have files written to or from the network using hardware devices. This event is marked as Critical.

Agent internal error - Event 1003
If the GFI EndPointSecurity agent raises an internal error, an event is written in Event log with ID 1003 prior to exiting. This event should be considered high priority since protection is not applied when this event occurs. To re-enable protection on the computer which produced the event, either manually start the GFI EndPointSecurity agent service and monitor the epssrv.exe process, or else restart the computer.

Device connected to computer - Event 3000
When a device is connected to a computer, GFI EndPointSecurity agent will create the event with ID 3000, which describes the device connected by which user. If multiple users are logged on to the same computer, the username of each logged on user is show in the event description. This event is marked as Medium, but can also be considered High or Critical depending on the use of portable hardware on computers.

Read-write to device blocked - Events 2001-2003
This rule, disabled by default, will handle events 2001 and 2003, which represent blocked read from and blocked writing to portable devices. These events can be generated at a high rate in cases where many attempts for usage of blocked devices are made, so it s suggested to enable and use this rule with caution.

Note: GFI EndPointSecurity 4 and later versions provides inbuilt notifications for important events.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted

Comments