I am running SEPM 12.1.4023.4080. I have about 100 clients coming to one server for updates. Everything is going well, except that I noticed the other day that under the policies tab there were only a few non-shared application and device control policies. However, if I go to the clients tab, almost each client group has its own application and device control policy that is non-shared. Anyway, I went to clients and exported the missing policies and then went to the policies section and imported them in and assigned them to their respective groups. Since I have done this, I am being slammed with notifications from SEPM on
Found 10 or more security events in 1 minutes on computer XYZ. Actual number of security events found was 28.
Security events included:
Compliance and Application Control.
If I scroll through the typical email, it refers to a caller target process (assuming this means the application in question) and that it was allowed. This morning alone I had 300 emails waiting for me. During the day, I probably had another 200 come through from SEPM. Each of them was reporting an application from one client PC or another that was allowed. Some of the notifications I receive are not listing any applications at all. I do not believe that I would want to know about every application that was allowed to run on my computers. I would, however, be interested in any that were blocked (if I had that set up).
I am not sure if I need to be creating exception rules, or turning off email notifications for this particular notification setting. I cannot seem to find any correlation between the name of the report I see in my email and the notification name set up in SEPM. So I am not sure if the notification I am tweaking is the right one or not.
I use A&D control specifically to block unauthorized USB devices across all of my computers. I do not use application control at all right now, but I would like to learn how and actually use it.
In the meantime, how can I reduce or eliminate the email notifications on allowed applications?
Thanks,
Scott