D2. The Parameters of Notification Templates

The text for messages is generated by a Server component named the templates processor on the basis of the templates files.

warning

Windows network message system functions only under Windows OS with Windows Messenger (Net Send) service support.

Windows Vista OS and later do not support Windows Messenger service.

A template file consists of text and variables enclosed in braces. When editing a template file, the variables listed below can be used.

The variables are written as follows:

{<VAR>}—substitute the current value of the <VAR> variable.

{<VAR>:<N>}—the first <N> characters of the <VAR> variable.

{<VAR>:<first>:<N>}—the value of <N> characters of the <VAR> variable that go after the first <first> characters (beginning from the <first>+1 symbol), if the remainder is less, it is supplemented by spaces on the right.

{<VAR>:<first>:-<N>}—the value of <N> characters of the <VAR> variable that go after the first <first> characters (beginning from the <first>+1 symbol), if the remainder is less, it is supplemented by spaces on the left.

{<VAR>/<original1>/<replace1>[/<original2>/<replace2>]}—replace specified characters of <VAR> variable with given characters: <original1> characters are replaced with <replace1> characters, <original2> characters are replaced with <replace2> characters, etc.

The number of substitution pairs are not limited.

{<VAR>/<original1>/<replace1[{<SUB_VAR>}]>[/<original2>/<replace2>]}—similarly to the above described replaces to the specified values but the <SUB_VAR> nested variable is used. Actions with nested variables are the same as the actions with parent variables.

Nesting level for recursive substitutions is not limited.

{<VAR>/<original1>/<replace1>/<original2>/<replace2>/*/<replace3>}—similarly to the above described replaces to the specified values but also the value from <replace3> can be substituted, if none of the listed original values match. Also, if either <original1>, or <original2> have not been found in <VAR>, all values will be replaced with the <replace3>.

Notation of variables

Variable

Value

Expression

Result

SYS.TIME

10:35:17:456

{SYS.TIME:5}

10:35

SYS.TIME

10:35:17:456

{SYS.TIME:3:5}

35:17

SYS.TIME

10:35:17:456

{SYS.TIME:3:-12}

°°°35:17:456

SYS.TIME

10:35:17:456

{SYS.TIME:3:12}

35:17:456°°°

SYS.TIME

10:35:17:456

{SYS.TIME/10/99/35/77}

99:77:17.456

Conventions

Environment Variables

To form messages texts you can use environment variables of the Server process (the System user).

Environment variables are available in the Control Center messages editor, in the ENV drop-down list. Please note: the variables must be specified with the ENV. prefix (the prefix ends with a dot).

System Variables

SYS.BRANCH—system version (Server and Agents),

SYS.BUILD—Server build date,

SYS.DATE—current system date,

SYS.DATETIME—current system date and time,

SYS.HOST—Server DNS name,

SYS.MACHINE—network address of a computer with the Server installed,

SYS.OS—operating system name of a computer with the Server installed,

SYS.PLATFORM—Server platform,

SYS.PLATFORM.SHORT—short variant of SYS.PLATFORM,

SYS.SERVER—product name (Dr.Web Server),

SYS.TIME—current system time,

SYS.VERSION—Server version.

Common Variables for Stations

GEN.LoginTime—station login time,

GEN.StationAddress—station address,

GEN.StationDescription—station description,

GEN.StationID—station unique identifier,

GEN.StationLDAPDN—distinguished name of a station under Windows OS. Relevant for stations included into ADS/LDAP domain,

GEN.StationMAC—stations MAC address,

GEN.StationName—station name,

GEN.StationPrimaryGroupID—identifier of the station primary group,

GEN.StationPrimaryGroupName—name of the station primary group,

GEN.StationSID—security identifier of a station.

Common Variables for Repository

GEN.CurrentRevision—current version identifier,

GEN.Folder—product location folder,

GEN.NextRevision—updated version identifier,

GEN.Product—product description.

Notification Parameters and Variables by Types

Administrators

Administrator authorization failed

Parameter

Value

Notification sending reason

Sent on error of administrator authorization in the Control Center. The reason of authorization failure is given in the notification text.

Additional configuration

Not required.

Variables

MSG.Login

login

MSG.Address

Control Center network address

MSG.LoginErrorCode

numeric error code

Unknown administrator

Parameter

Value

Notification sending reason

Sent on attempt of authorization in the Control Center by administrator with unknown login.

Additional configuration

Not required.

Variables

MSG.Login

login

MSG.Address

network address of Dr.Web Security Control Center

Installations

For messages of this group, you can also use common variables for stations given above.

Installation on station failed

Parameter

Value

Notification sending reason

Sent if an error occurred during the Agent installation on a station. The error reason is given in the notification text.

Additional configuration

Not required.

Variables

MSG.Error

error message

Installation on station successfully completed

Parameter

Value

Notification sending reason

Sent on succeeded Agent installation on a station.

Additional configuration

Not required.

Variables

Absent.

Licenses

License key automatically updated

Parameter

Value

Notification sending reason

Sent if a license key has been automatically updated. At this, a new key has been successfully downloaded and propagated on all objects of an old license key.

Additional configuration

For detailed information on automatic license update, refer the Administrator Manual, p. Automatic Licenses Update.

Variables

MSG.KeyId

Identifier of an old license key

MSG.KeyName

Name of an old license key

MSG.NewKeyId

Identifier of a new license key

MSG.NewKeyName

Name of a new license key

License key blocked

Parameter

Value

Notification sending reason

Sent if during the update from Dr.Web Global Update System, information on the license key blocking has been received. This key can no longer be used.

Additional configuration

To get detailed information on blocking reason, please contact the technical support service.

Variables

MSG.KeyId

ID of a license key

MSG.KeyName

Name of a user of a license key

License key cannot be automatically updated

Parameter

Value

Notification sending reason

Sent if a license key cannot be automatically updated, because the compound of licensed components differs in the current and the new keys. At this, a new key successfully downloaded but not propagated on all objects of an old license key. You must replace the license key manually.

Additional configuration

For detailed information on automatic license update, refer the Administrator Manual, p. Automatic Licenses Update.

Variables

MSG.ExpirationDate

date of license expiration

MSG.Expired

1—the term has expired

0—the term has not expired

MSG.KeyDifference

The reason why automatic replacement is impossible:

the compound of licensed components differs in the current and the new license keys

the new license key has fewer licenses than the current license key

MSG.KeyId

Identifier of an old license key

MSG.KeyName

Name of an old license key

MSG.NewKeyId

Identifier of a new license key

MSG.NewKeyName

Name of a new license key

License key expiration

Parameter

Value

Notification sending reason

Sent if the license key is about to expire, and automatic license update is not available.

Additional configuration

Not required.

Variables

MSG.ExpirationDate

date of license expiration

MSG.Expired

1—the term has expired

0—the term has not expired

MSG.KeyId

Identifier of a license key

MSG.KeyName

Name of a license key

License limitation on a number of online stations is reached

Parameter

Value

Notification sending reason

Sent if during connection of a station to the Server, it was detected that the number of stations in the group into which the connected station is included, reached the limitation in the license key assigned for this group.

At this, a new station cannot register on the Server.

Additional configuration

Not required.

Variables

MSG.ID

station UUID

MSG.StationName

station name

Common variables for stations given above are also available.

Licenses donation has expired

Parameter

Value

Notification sending reason

Sent if the period of licenses donation to neighbor Servers from the license key of this Server has expired.

Additional configuration

The period of licenses donation to neighbor Servers is specified in the Administration → Dr.Web Server configuration → Licenses section.

Variables

MSG.ObjId

license key ID

MSG.Server

the neighbor Server name

Limitation on a number of donated licenses is reached

Parameter

Value

Notification sending reason

Sent if the number of requested licenses for donation to neighbor Servers exceeds the number of licenses that are available in the license key.

Additional configuration

Not required.

Variables

MSG.ObjId

license key ID

Limitation on a number of licenses in the license key

Parameter

Value

Notification sending reason

Sent if during the Server startup, it was detected that the number of stations in a group already exceeded the number of licenses in the license key assigned to this group.

Additional configuration

Not required.

Variables

MSG.KeyId

ID of a license key

MSG.KeyName

license key user name

MSG.Licensed

number of allowed licenses

MSG.LicenseLimit

licenses state:

1—number of free licenses in the license key is close to the end

2—number of free licenses in the license key has ended

3—the license key has been assigned to more objects than allowed in this key.

MSG.Licensed

number of objects to which the key has been assigned

MSG.Total

number of licenses in the key

Number of stations in the group is close to the license limit

Parameter

Value

Notification sending reason

Sent if the number of stations in the group is closing to the license limitation in the key assigned to this group.

Additional configuration

The number of available licenses left in the key to send the notification is: less than three licenses or less than 5% from the total number of licenses in the key.

Variables

MSG.Free

number of free licenses left

MSG.Licensed

number of stations using licenses of this group

MSG.Total

Total number of licenses in all keys assigned to the group.

Please note: license keys of the group can also be assigned to other licensing objects.

GEN.StationPrimaryGroupID

primary group ID

GEN.StationPrimaryGroupName

primary group name

Newbies

For messages of this group, you can also use common variables for stations given above.

Station automatically rejected

Parameter

Value

Notification sending reason

Sent if a new station requested a connection to the Server and has been rejected by the Server automatically.

Additional configuration

The situation may occur if in the Administration → Dr.Web Server configuration → General section, for the Newbies registration mode option, the Always deny access value is set.

Variables

Absent.

Station is waiting for approval

Parameter

Value

Notification sending reason

Sent if a new station requested a connection to the Server and administrator must approve or reject the station manually.

Additional configuration

The situation may occur if in the Administration → Dr.Web Server configuration → General section, for the Newbies registration mode option, the Approve access manually value is set.

Variables

Absent.

Station rejected by administrator

Parameter

Value

Notification sending reason

Sent if a new station requested a connection to the Server and has been rejected by administrator manually.

Additional configuration

The situation may occur if in the Administration → Dr.Web Server configuration → General section, for the Newbies registration mode option, the Approve access manually value is set and an administrator selected the Anti-virus Network → icon-unapproved Unapproved stations → icon-unapproved-reject Reject selected stations option for this station.

Variables

MSG.AdminAddress

network address of the Control Center

MSG.AdminName

administrator name

Other

Epidemic in the network

Parameter

Value

Notification sending reason

Sent if an epidemic detected in the anti-virus network. It means that during specified time period, it was detected more than specified number of threats in the network.

Additional configuration

To sent epidemic notifications, you must set the Track epidemic flag in the Administration → Dr.Web Server configuration → Statistics section. Parameters on epidemic detection are set in the same section.

Variables

MSG.Infected

total number of detected threats

MSG.Virus

the most common threats

Large number of abnormally terminated connections detected

Parameter

Value

Notification sending reason

Sent on a large number of abnormally terminated connections with clients: stations, Agent installers, neighbor Servers, Proxy Servers.

Additional configuration

To be able to sent notifications on multiple abnormally terminated connections, you must set the Abnormally terminated connections flag in the Administration → Dr.Web Server configuration → Statistics section and configure corresponding parameters in the same section.

Variables

MSG.Total

number of terminated connections

MSG.AddrsCount

number of addresses that were disconnected

Large number of blocks by the Application Control detected

Parameter

Value

Notification sending reason

Sent on a large number of blocked applications at stations by the Application Control component.

Additional configuration

To be able to sent notifications on multiple blocked applications, you must set the Multiple blockings by Application Control flag in the Administration → Dr.Web Server configuration → Statistics section and configure corresponding parameters in the same section.

Variables

MSG.Total

total number of blocks

MSG.Profile

most common profiles according to which the block was made

Neighbor server has not connected for a long time

Parameter

Value

Notification sending reason

Sent according to the task in the Server schedule. Contains information that the neighbor Server has not connected to this Server for a long time. The date of last connection is given in the notification text.

Additional configuration

The time period during which the neighbor Server should not get connected to send the notification, is set in the Neighbor server has not connected for a long time task of the Server schedule configured in the Administration → Dr.Web Server Task Schedule.

Variables

MSG.LastDisconnectTime

the time when the Server has been connected at the last time

MSG.StationName

the neighbor Server name

Server log rotation error

Parameter

Value

Notification sending reason

Sent if an error occurred during rotation of the Server operation log. The reason of log rotation error is given in the notification text.

Additional configuration

Not required.

Variables

MSG.Error

message text

Server log write error

Parameter

Value

Notification sending reason

Sent when an error occurred during writing an information into the Server operation log. The reason of log write error is given in the notification text.

Additional configuration

Not required.

Variables

MSG.Error

message text

Statistic report

Parameter

Value

Notification sending reason

Sent after generation of a periodic report according to the task in the Server schedule. Also, notification contains the path for downloading the report file.

Additional configuration

The report is generated according to the Statistic reports task in the Server schedule configured in the Administration → Dr.Web Server Task Schedule.

Variables

MSG.Attachment

path to the report

MSG.AttachmentType

MIME type

GEN.File

report file name

Summary report of Preventive protection

Parameter

Value

Notification sending reason

Sent at receiving a lot of reports from the Preventive protection component on the network stations.

Additional configuration

To send a single notification on the Preventive protection report, you must set the Group reports of Preventive protection flag in the Administration → Dr.Web Server configuration → Statistics section. Parameters on reports grouping are set in the same section.

Variables

MSG.AutoBlockedActCount

number of processes with suspicious activity that were blocked automatically

MSG.AutoBlockedProc

processes with suspicious activity that were blocked automatically

MSG.HipsType

protected object type

MSG.IsShellGuard

dividing on types of the Preventive protection reactions at automatic blocking:

blocking of unauthorized code

check the access to the protected objects

MSG.ShellGuardType

the most common reason of a blocking of unauthorized code execution at automatic event blocking

MSG.Total

total number of Preventive protection events detected on the network

MSG.UserAllowedActCount

number of processes with suspicious activity that were allowed by user

MSG.UserAllowedHipsType

type of the most common protected objects access to which was allowed by user

MSG.UserAllowedIsShellGuard

dividing on types of the Preventive protection reactions when the access was allowed by user:

blocking of unauthorized code

check the access to the protected objects

MSG.UserAllowedProc

processes with suspicious activity that were allowed by user

MSG.UserAllowedShellGuard

the most common reason of a blocking of unauthorized code execution which was allowed by user

MSG.UserBlockedActCount

number of processes with suspicious activity that were blocked by user

MSG.UserBlockedHipsType

type of the most common protected objects access to which was blocked by user

MSG.UserBlockedIsShellGuard

dividing on types of the Preventive protection reactions when the access was blocked by user:

blocking of unauthorized code

check the access to the protected objects

MSG.UserBlockedProc

processes with suspicious activity that were blocked by user

MSG.UserBlockedShellGuard

the most common reason of a blocking of unauthorized code execution which was blocked by user

Repository

For messages of this group, you can also use common variables for repository given above.

Not enough free space on disk

Parameter

Value

Notification sending reason

Sent if on a disk where the Server var folder with variable data located, is running out of space.

Additional configuration

Low disk space defined if it is less than 315 MB or less than 1000 nodes (for UNIX system based OS) left, if this values do not redefined by environment variables.

Variables

Common variables for repository given above are not available.

MSG.FreeInodes

the number of free inodes file descriptors (has the meaning only for some UNIX system-based OS)

MSG.FreeSpace

free space in bytes

MSG.Path

the path to the folder with low free space

MSG.RequiredInodes

number of free inodes required for operation (has the meaning only for some UNIX system-based OS)

MSG.RequiredSpace

free space required for operation

Repository cannot be updated

Parameter

Value

Notification sending reason

Sent if during update of repository or repository product from the GUS, an error has occurred. Reason of the update error and also the name of the product at product update error, are given in the notification text.

Additional configuration

Not required.

Variables

MSG.Error

error message

MSG.ExtendedError

detailed description of an error

Repository product is up-to-date

Parameter

Value

Notification sending reason

Sent if during repository updates check, it was detected that requested product is up-to-date. At this, update of this product from the GUS is not required.

Additional configuration

Not required.

Variables

Absent.

info

The variables of the Repository product is up-to-date template do not include the files marked as not to be notified of in the product configuration file, read F1. The Syntax of the Configuration File .config.

Repository product is updated

Parameter

Value

Notification sending reason

Sent when repository update from the GUS successfully completed.

Additional configuration

Not required.

Variables

MSG.Added

list of added files (each name in a separate line)

MSG.AddedCount

number of added files

MSG.Deleted

list of deleted files (each name in a separate line)

MSG.DeletedCount

number of deleted files

MSG.Replaced

list of replaced files (each name in a separate line)

MSG.ReplacedCount

number of replaced files

Repository update already running

Parameter

Value

Notification sending reason

Sent if during the Server update, the other update was started.

Additional configuration

Not required.

Variables

Absent.

Update of repository product is frozen

Parameter

Value

Notification sending reason

Sent if the repository product was frozen by administrator. At this, update of this product from the GUS is not performed.

Additional configuration

You can manage repository products including their frozen and unfrozen states in the Administration → Detailed repository configuration section.

Variables

Absent.

Update of repository product is started

Parameter

Value

Notification sending reason

Sent if during repository updates check, it was detected that for requested products the update is required. At this, the update from the GUS is launched.

Additional configuration

Not required.

Variables

Absent.

Stations

For messages of this group, you can also use common variables for stations given above.

info

In multiserver network, it is possible to receive notifications about events on stations of neighbor Servers. You can enable this option when configuring neighbor Server connections (see Administrator Manual, the Setting Connections between Several Dr.Web Servers section).

The following notifications are available to receive on event on the neighbor Server: Security threat detected, Report of Preventive protection, Scan error, Scan statistics.

Application Control blocked the process

Parameter

Value

Notification sending reason

Sent if an application was blocked at station by the Application Control component.

Additional configuration

Not required.

Variables

MSG.AppCtlAction

applied action:

0—unknown,

2—blocked

3—blocked (not found in the trusted applications list)

5—blocked by deny rules

7—blocked by policies settings.

MSG.AppCtlType

event type:

0—unknown

1—process launch

2—host process launch

3—script interpreter launch

4—module load

5—driver load

6—MSI setup launch

7—new executable file dropped on disk

8—executable file modified on disk.

MSG.Path

path to the blocked process

MSG.Profile

name of the profile according to which the block was made

MSG.Rule

name of the rule according to which the block was made

MSG.SHA256

blocked process hash (SHA-256)

MSG.StationTime

station time when the process was blocked

MSG.Target

path to the blocked script in case of host process

MSG.TargetSHA256

hash the blocked script in case of host process (SHA-256)

MSG.TestMode

whether the test mode is on

MSG.User

user on behalf of which the blocked object was launched

Application Control blocked the process from the known hashes of threats list

Parameter

Value

Notification sending reason

Sent if an application from the known hashes of threats was blocked at station by the Application Control component.

Additional configuration

Notification on detection by the list of known hashes is possible only if the usage of bulletins of known threat hashes is licensed (the license in at least one of the license keys used by the Server is sufficient).

You can check the license in the information on a license key that can be found in the License Manager section, the Allowed lists of hash bulletins parameter (If the feature is not licensed, this parameter is absent).

Variables

MSG.AppCtlAction

applied action:

0—unknown,

2—blocked

3—blocked (not found in the trusted applications list)

5—blocked by deny rules

7—blocked by policies settings.

MSG.AppCtlType

event type:

0—unknown

1—process launch

2—host process launch

3—script interpreter launch

4—module load

5—driver load

6—MSI setup launch

7—new executable file dropped on disk

8—executable file modified on disk.

MSG.Document

bulletin containing the hash

MSG.Path

path to the blocked process

MSG.Profile

name of the profile according to which the block was made

MSG.Rule

name of the rule according to which the block was made

MSG.SHA256

blocked process hash (SHA-256)

MSG.StationTime

station time when the process was blocked

MSG.Target

path to the blocked script in case of host process

MSG.TargetSHA256

hash the blocked script in case of host process (SHA-256)

MSG.TestMode

whether the test mode is on

MSG.User

user on behalf of which the blocked object was launched

Cannot create the station account

Parameter

Value

Notification sending reason

Sent if a new stations account cannot be created on the Server. Error details are given in the Server log file.

Additional configuration

Not required.

Variables

MSG.ID

station UUID

MSG.StationName

station name

Connection terminated abnormally

Parameter

Value

Notification sending reason

Sent on abnormal termination of a connection with a client: station, Agent installer, neighbor Server, Proxy Server.

Additional configuration

To be able to sent notifications on abnormally terminated connections, you must set the Abnormally terminated connections flag in the Administration → Dr.Web Server configuration → Statistics section and configure corresponding parameters in the same section.

Variables

MSG.Total

number of terminated connections

MSG.Type

client type

Critical error of station update

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports an error during update of anti-virus components from the Server.

Additional configuration

Not required.

Variables

MSG.Product

updated product

MSG.ServerTime

local time of receipt of a message by the Server

Device blocked

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports that a connected to the station device has been blocked by Dr.Web anti-virus component.

Additional configuration

Not required.

Variables

MSG.Capabilities

device characteristics

MSG.Class

device class (the name of a parent group)

MSG.Description

device description

MSG.FriendlyName

user friendly name of the device

MSG.InstanceId

identifier of a device instance

MSG.User

user name

Report of Preventive protection

Parameter

Value

Notification sending reason

Sent at receiving the report from the Preventive protection component from a station of this or neighbor Server.

Additional configuration

Not required.

Variables

MSG.AdminName

administrator who initiated the action on a suspicious process

MSG.Denied

action on a suspicious process:

denied

allowed

MSG.HipsType

protected object type

MSG.IsShellGuard

dividing on types of the Preventive protection reactions:

blocking of unauthorized code

check the access to the protected objects

MSG.Path

path to the process with suspicious activity

MSG.Pid

identifier of the process with suspicious activity

MSG.ShellGuardType

reason of execution of unauthorized code blocking

MSG.StationTime

time of event occurrence on a station

MSG.Target

path to the protected object to which the access attempt was made

MSG.Total

number of denials in case of automatic reaction of the Preventive protection

MSG.User

user who launched the suspicious process

MSG.UserAction

initiator of the action on a suspicious process

user

automatic reaction of the Preventive protection

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Report of Preventive protection on threats detection by known hashes of threats

Parameter

Value

Notification sending reason

Sent at receiving the report from the Preventive protection component from a station of this or neighbor Server at threats detection from the list of known hashes of threats.

Additional configuration

Notification on detection by the list of known hashes is possible only if the usage of bulletins of known threat hashes is licensed (the license in at least one of the license keys used by the Server is sufficient).

You can check the license in the information on a license key that can be found in the License Manager section, the Allowed lists of hash bulletins parameter (If the feature is not licensed, this parameter is absent).

Variables

MSG.AdminName

administrator who initiated the action on a suspicious process

MSG.Denied

action on a suspicious process:

denied

allowed

MSG.Document

bulletin containing the hash of detected threat

MSG.HipsType

protected object type

MSG.IsShellGuard

dividing on types of the Preventive protection reactions:

blocking of unauthorized code

check the access to the protected objects

MSG.Path

path to the process with suspicious activity

MSG.Pid

identifier of the process with suspicious activity

MSG.SHA1

SHA-1 hash of detected object

MSG.SHA256

SHA-256 hash of detected object

MSG.ShellGuardType

reason of execution of unauthorized code blocking

MSG.StationTime

time of event occurrence on a station

MSG.Target

path to the protected object to which the access attempt was made

MSG.Total

number of denials in case of automatic reaction of the Preventive protection

MSG.User

user who launched the suspicious process

MSG.UserAction

initiator of the action on a suspicious process

user

automatic reaction of the Preventive protection

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Scan error

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports an error during scanning.

Additional configuration

Not required.

Variables

MSG.Component

component name

MSG.Error

error message

MSG.ObjectName

object name

MSG.ObjectOwner

object owner

MSG.RunBy

component is launched by this user

MSG.ServerTime

event receipt time, GMT

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Scan error at threat detection by known hashes of threats

Parameter

Value

Notification sending reason

Sent if scan error occurred at threat detection from the list of known hashes of threats.

Additional configuration

Notification on detection by the list of known hashes is possible only if the usage of bulletins of known threat hashes is licensed (the license in at least one of the license keys used by the Server is sufficient).

You can check the license in the information on a license key that can be found in the License Manager section, the Allowed lists of hash bulletins parameter (If the feature is not licensed, this parameter is absent).

Variables

MSG.Component

component name

MSG.Document

bulletin containing the hash of detected threat

MSG.Error

error message

MSG.ObjectName

object name

MSG.ObjectOwner

object owner

MSG.RunBy

component is launched by this user

MSG.SHA1

SHA-1 hash of detected object

MSG.SHA256

SHA-256 hash of detected object

MSG.ServerTime

event receipt time, GMT

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Scan statistics

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports a scan completion. Administrative notification also contains brief scan statistic.

Additional configuration

Not required.

Variables

MSG.Component

component name

MSG.Cured

number of cured objects

MSG.DeletedObjs

number of deleted objects

MSG.Errors

number of scan errors

MSG.Infected

number of infected objects

MSG.Locked

number of blocked objects

MSG.Modifications

number of objects infected with known modifications of viruses

MSG.Moved

number of moved objects

MSG.Renamed

number of renamed objects

MSG.RunBy

component is launched by this user

MSG.Scanned

number of scanned objects

MSG.ServerTime

event receipt time, GMT

MSG.Speed

processing speed in KB/s

MSG.Suspicious

number of suspicious objects

MSG.VirusActivity

 

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Security threat detected

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports the threats detection. Administrative notification also contains detailed information on detected threats.

Additional configuration

Not required.

Variables

MSG.Action

action upon a detection

MSG.Component

component name

MSG.InfectionType

threat type

MSG.ObjectName

infected object name

MSG.ObjectOwner

infected object owner

MSG.RunBy

component is launched by this user

MSG.ServerTime

event receipt time, GMT

MSG.Virus

threat name

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Security threat detected by known hashes of threats

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports the threats detection from the list of known hashes of threats. Administrative notification also contains detailed information on detected threats.

Additional configuration

Notification on detection by the list of known hashes is possible only if the usage of bulletins of known threat hashes is licensed (the license in at least one of the license keys used by the Server is sufficient).

You can check the license in the information on a license key that can be found in the License Manager section, the Allowed lists of hash bulletins parameter (If the feature is not licensed, this parameter is absent).

Variables

MSG.Action

action upon a detection

MSG.Component

component name

MSG.Document

bulletin containing the hash of detected threat

MSG.InfectionType

threat type

MSG.ObjectName

infected object name

MSG.ObjectOwner

infected object owner

MSG.RunBy

component is launched by this user

MSG.SHA1

SHA-1 hash of detected object

MSG.SHA256

SHA-256 hash of detected object

MSG.ServerTime

event receipt time, GMT

MSG.Virus

threat name

GEN.ServerRecvLinkID

UUID of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerRecvLinkName

the name of the last neighbor Server from which the Preventive protection report on connected stations was received (empty value if the report was received about stations connected to this Server)

GEN.ServerOriginatorID

UUID of the Server to which the station is connected from which the Preventive protection report was received

GEN.ServerOriginatorName

the name of the Server to which the station is connected from which the Preventive protection report was received

Station already logged in

Parameter

Value

Notification sending reason

Send on attempt to connect to the Server of a station with identifier which matches the identifier of a station already connected to this Server.

Additional configuration

Not required.

Variables

MSG.ID

station UUID

MSG.Server

ID of the Server at which the station is registered

MSG.StationName

station name

Station approved by administrator

Parameter

Value

Notification sending reason

Sent if a new station requested a connection to the Server and has been approved by administrator manually.

Additional configuration

The situation may occur if in the Administration → Dr.Web Server configuration → General section, for the Newbies registration mode option, the Approve access manually value is set and an administrator selected the Anti-virus Network → icon-unapproved Unapproved stations → icon-unapproved-allow Approve selected stations and set a primary group option for this station.

Variables

MSG.AdminAddress

network address of the Control Center

MSG.AdminName

administrator name

Station authorization failed

Parameter

Value

Notification sending reason

Sent if a station provided incorrect credentials when trying to connect to the Server. Further actions that depend on a stations approval policy, are also given in the notification.

Additional configuration

Stations approval policy is set in the Newbies registration mode option of the Administration → Dr.Web Server configuration → General section.

Variables

MSG.ID

station UUID

MSG.Rejected

values:

rejected—access to a station is denied

newbie—there was an attempt to assign the "newbie" status to a station

MSG.StationName

station name

Station automatically approved

Parameter

Value

Notification sending reason

Sent if a new station requested a connection to the Server and has been approved by the Server automatically.

Additional configuration

The situation may occur if in the Administration → Dr.Web Server configuration → General section, for the Newbies registration mode option, the Approve access automatically value is set.

Variables

Absent.

Station has not connected to the Server for a long time

Parameter

Value

Notification sending reason

Sent according to the task in the Server schedule. Contains information that the station has not connected to this Server for a long time. The date of last connection is given in the notification text.

Additional configuration

The time period during which the station should not get connected to send the notification, is set in the Station has not connected for a long time task of the Server schedule configured in the Administration → Dr.Web Server Task Schedule.

Variables

Common variables for stations given above are not available.

MSG.DaysAgo

number of days since the last connection to the Server

MSG.LastSeenFrom

address of the station at the last connection to the Server

MSG.StationDescription

station description

MSG.StationID

station UUID

MSG.StationMAC

station MAC address

MSG.StationName

station name

MSG.StationSID

station security identifier

Station reboot required

Parameter

Value

Notification sending reason

Sent if a station reboot is required for one of the following reasons:

to complete the cure

to apply the updates

to change the state of hardware virtualization

to complete the cure and apply the updates

to complete the cure and change the state of hardware virtualization

to apply the updates and change the state of hardware virtualization

to complete the cure, apply the updates and change the state of hardware virtualization.

Additional configuration

Not required.

Variables

MSG.Reason

reboot reason

the list of possible reboot reasons is given in the predefined template

Station reboot required to apply updates

Parameter

Value

Notification sending reason

Sent if a notification received from a station reports that the product has been installed or updated, and the station restart is required.

Additional configuration

Not required.

Variables

MSG.Product

updated product

MSG.ServerTime

local time of receipt of a message by the Server

Unknown station

Parameter

Value

Notification sending reason

Sent if a new station requested a connection to the Server, but was not allowed to review for approval or rejection of the registration.

Additional configuration

Not required.

Variables

MSG.ID

UUID of unknown station

MSG.Rejected

values:

rejected—access to a station is denied

newbie—there was an attempt to assign the "newbie" status to a station

MSG.StationName

station name