The Alerts - Protection Violation page triggers an alert when a file is changed or an access violation is detected on a managed machine. Options include Distributed file changed on agent and was updated, File access violation detected, and Network access violation detected.
Prerequisites
Passing Alert Information to Emails and Procedures
The following types of alert emails can be sent and formatted:
Note: Changing this email alarm format changes the format for all Protection Violation alert emails.
The following variables can be included in your formatted email alerts and are passed to agent procedures assigned to the alert.
| Within an Email | Within a Procedure | Description |
| <at> | #at# | alert time |
| <db-view.column> | not available | Include a view.column from the database. For example, to include the computer name of the machine generating the alert in an email, use <db-vMachine.ComputerName> |
| <gr> | #gr# | group ID |
| <id> | #id# | machine ID |
| <pv> | #pv# | violation description from Agent Log |
|  | #subject# | subject text of the email message, if an email was sent in response to an alert |
|  | #body# | body text of the email message, if an email was sent in response to an alert |
Apply
Click Apply to apply parameters to selected machine IDs. Confirm the information has been applied correctly in the machine ID list.
Clear
Click Clear to remove all parameter settings from selected machine IDs.
Create Alarm
If checked and an alert condition is encountered, an alarm is created. Alarms are displayed in Monitor > Dashboard List, Monitor > Alarm Summary and Info Center > Reporting > Reports > Logs > Alarm Log.
Create Ticket
If checked and an alert condition is encountered, a ticket is created.
Run Script
If checked and an alert condition is encountered, an agent procedure is run. You must click the select agent procedure link to choose an agent procedure to run. You can optionally direct the agent procedure to run on a specified range of machine IDs by clicking this machine ID link. These specified machine IDs do not have to match the machine ID that encountered the alert condition.
Email Recipients
If checked and an alert condition is encountered, an email is sent to the specified email addresses.
Distributed file changed on agent and was updated
If checked, an alert is triggered when a file distributed using Procedure > Distributed File is changed on the managed machine. The agent verifies the distributed file at every full check-in.
File access violation detected
If checked, an alert is triggered when an attempt is made to access a file specified as blocked using Agent > File Access.
Network access violation detected
If checked, an alert is triggered when an attempt is made to access either an internal or external internet site using an application specified as blocked using Agent > Network Access.
Select All/Unselect All
Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.
Check-in status
These icons indicate the agent check-in status of each managed machine. Hovering the cursor over a check-in icon displays the agent Quick View window.
Online but waiting for first audit to complete
Agent online
Agent online and user currently logged on
Agent online and user currently logged on, but user not active for 10 minutes
Agent is currently offline
Agent has never checked in
Agent is online but remote control has been disabled
The agent has been suspended
An agent icon adorned with a red clock badge is a temporary agent.
Edit Icon
Click a row's edit icon to populate header parameters with values from that row. You can edit these values in the header and re-apply them.
Machine.Group ID
The list of Machine.Group IDs displayed is based on the Machine ID / Group ID filter and the machine groups the user is authorized to see using System > User Security > Scopes.
ATSE
The ATSE response code assigned to machine IDs or SNMP devices:
Email Address
A comma-separated list of email addresses where notifications are sent.