AV State Alerting

Antivirus (AV) state monitoring is a crucial aspect of endpoint security management. Staying informed about the status of your AV software—whether it’s actively running, disabled, or facing an issue—ensures that all endpoints remain protected against malware and other threats. AV state alerting notifies IT administrators about potential problems like outdated definitions, disabled AV agents, or uninstalled software.

With NinjaOne, you can automate AV status monitoring, address issues in real time, and maintain a secure IT environment. This proactive approach minimizes vulnerabilities while improving IT efficiency and control.

How to Manage AV State Alerting with NinjaOne

NinjaOne streamlines AV state alerting by integrating with a wide range of antivirus (AV) providers, enabling real-time alert delivery. Here’s a step-by-step guide to setting up and utilizing this feature:

1. Access Agent Policies

  • Navigate to the Administration section using the left-hand menu.
  • Select Policies, then choose Agent Policies from the dropdown menu.

2. Create or Select an Agent Policy

  • To create a new policy, click Create New Policy.
  • Alternatively, select an existing policy from the list for editing.

3. Configure Antivirus Alerting

  • On the Policy Editor page, navigate to the Activities section.
  • Select the antivirus solution you wish to configure for alerting.

4. Configure Alert Settings

  • Click on the activity for which you want to create an alert.
  • Configure the following settings:
      • Severity: Specify the criticality level of the alert (e.g., Critical, Major, Moderate).
      • Priority: Assign a priority to determine the order of resolution for the alert.
      • Channel: Select the communication channel for delivering the alert (e.g., Email, SMS, Slack).
      • Notify Technicians: Choose whether to notify specific technicians or teams about the alert.
      • Ticketing Rule: Define a ticketing rule to automatically create a support ticket when the alert is triggered, ensuring timely issue resolution and tracking.

5. Example Activities for Alerting

The activities you can configure alerts for may vary depending on the antivirus solution, but here is a list of the most common ones:

  • Antivirus company associated with this device cannot be accessed
  • Antivirus Device changed status to managed
  • Antivirus Device changed status to unmanaged
  • Antivirus Disabled
  • Antivirus Enabled
  • Antivirus Installation Failed
  • Antivirus Installation Completed
  • Antivirus Purge of Quarantined Files Failed
  • Antivirus Quarantined Threats Purged
  • Antivirus Scan Completed
  • Antivirus Scan Failed
  • Antivirus Scan Started
  • Antivirus Threat Blocked
  • Antivirus Threat Cleaned
  • Antivirus Threat Deleted
  • Antivirus Remove Threat from Quarantine Initiated
  • Antivirus Remove Threat from Quarantine Completed
  • Antivirus Remove Threat from Quarantine Failed
  • Antivirus Threat Ignored
  • Antivirus Threat Detected

6. Save and Apply the Policy

  • Once you are satisfied with your configuration, click Save to apply the changes.
  • After saving, click Close to exit the policy editor.

Note: Confirm that the policy is applied to the correct devices or organizations to ensure the alerts are triggered as expected.

FAQ

AV state refers to the current status of an antivirus (AV) solution on a device, indicating whether it is active, disabled, outdated, or encountering issues. Common AV states include “Enabled,” where the antivirus is actively protecting the device, and “Disabled,” which leaves the device vulnerable. Other states include “Out of Date,” when antivirus definitions need updating, and “Scan In Progress,” indicating that a system scan is underway.

Additionally, an AV state might show “Threat Detected/Blocked,” meaning the antivirus has identified and blocked a potential threat. Monitoring the AV state is crucial to ensure that devices remain properly protected from security risks.

AV status refers to the overall condition or health of an antivirus (AV) solution on a device, reflecting whether it is functioning properly or encountering issues. It provides a snapshot of the AV’s performance, such as whether it is actively protecting the device, outdated, or experiencing failures. Common AV statuses include “Enabled,” when the antivirus is working as expected, and “Disabled,” which leaves the device vulnerable.

If there are issues, an AV warning may indicate problems like outdated definitions or failed scans, while an AV alarm could signal a more critical issue, such as a detected threat or a serious malfunction in the antivirus solution. Monitoring AV status is essential for ensuring continuous protection and addressing issues before they become security risks.
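The FAQ above names the states "Enabled," "Disabled," and "Out of Date." As an added example (not NinjaOne's code and not a NinjaOne feature), the PowerShell script below reads the antivirus products registered with the Windows Security Center on a client SKU and maps each one to those states, exiting non-zero when any product is not fully protecting the device so that a monitor or scheduled script can alert on the result. The bit layout of the productState value is not documented by Microsoft; the decoding used here is the commonly circulated community interpretation and is an assumption, as are the function names ConvertFrom-AvProductState and Get-AvState.

```powershell
# Added example, not NinjaOne's code. Queries root/SecurityCenter2 (present on Windows
# client SKUs, not on servers) and maps each registered AV product to the states named
# in the FAQ: Enabled, Disabled, Out of Date. The productState decoding is the common
# community interpretation of an undocumented field (assumption).
function ConvertFrom-AvProductState {
    param([Parameter(Mandatory)][int]$ProductState)

    # Treat productState as three bytes, 0xTTSSUU:
    #   TT = provider type, SS = real-time protection state, UU = signature state
    $hex        = '{0:X6}' -f $ProductState
    $protection = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    $signatures = [Convert]::ToInt32($hex.Substring(4, 2), 16)

    # 0x10 / 0x11 = protection on, 0x00 / 0x01 = protection off (assumption, see above)
    $enabled  = ($protection -band 0x10) -ne 0
    # 0x00 = definitions up to date, 0x10 = definitions out of date (assumption)
    $upToDate = ($signatures -band 0x10) -eq 0

    if (-not $enabled)      { $state = 'Disabled' }
    elseif (-not $upToDate) { $state = 'Out of Date' }
    else                    { $state = 'Enabled' }

    [pscustomobject]@{ Enabled = $enabled; UpToDate = $upToDate; State = $state }
}

function Get-AvState {
    try {
        $products = Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                    -ClassName 'AntiVirusProduct' -ErrorAction Stop
    } catch {
        # Namespace missing (server SKU) or WMI failure: report it as its own state
        # rather than silently treating the device as protected.
        return [pscustomobject]@{ DisplayName = $null; State = 'Unknown'; Detail = $_.Exception.Message }
    }
    if (-not $products) {
        return [pscustomobject]@{ DisplayName = $null; State = 'Not Installed'
                                  Detail = 'no AV product registered with Security Center' }
    }
    foreach ($p in $products) {
        $decoded = ConvertFrom-AvProductState -ProductState $p.productState
        [pscustomobject]@{
            DisplayName = $p.displayName
            State       = $decoded.State
            Detail      = 'productState=0x{0:X6} enabled={1} upToDate={2}' -f `
                          $p.productState, $decoded.Enabled, $decoded.UpToDate
        }
    }
}

# Print the per-product result and exit 1 when any product is not in the Enabled state,
# so a monitor that keys on the exit code raises an alert for Disabled/Out of Date/Unknown.
$results = @(Get-AvState)
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.State -ne 'Enabled' }) { exit 1 }
exit 0
```

Worked values for the decoder: a productState of 397568 (0x061100) decodes to Enabled, 393472 (0x060100) to Disabled, and 397584 (0x061110) to Out of Date. Because the field is undocumented, treat disagreement between this decoder and the AV vendor's own console as a reason to trust the console and adjust the bit interpretation, not the other way round.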
