Warning Notifications

Warning notifications enable you to notify users in real-time about any potential out-of-policy behavior, in order to raise user awareness of the organization's security policy. On Windows or Mac endpoints, users can add a comment explaining their actions, and open a link to view the company policy. On Unix endpoints, users can only see the warning notification, but cannot respond to it with feedback, and cannot open a link to a company policy. On all endpoints, while configuring a warning notification, you can select to start recording screenshots of the user activity from that point.

Warning notifications can be configured when creating or editing alert rules on Windows, Mac, or Unix endpoints.

By default, every time a warning notification is displayed to the user, a predefined sound will be played. You can also display a company logo or image with each Warning Notification.

When there are multiple warning notification matches, only the first Warning Notification is displayed. This is done to reduce the noise and not overwhelm the user.

For details on how configured warning notifications appear to the end user, see How Notification and Blocking Messages Appear to the End User.

The following procedure describes how to configure a Warning Notification for a Windows endpoint, to be displayed to the end user after a risky activity triggers an alert. In this example, the user will receive a warning notification when a user accesses the sensitive Regedit application.

Configuring Warning Notifications for a Windows (or Mac) Endpoint

  1. In the Action area of the Create/Edit Alert Rule page, click Warning Notification.

  2. In the text box, enter the message that you want to display to the user.

    You must enter a message text otherwise the rule cannot be saved. You can enter up to a maximum of 250 characters.

  3. To display a link to the company policy, select Display link to organization policy, and enter the Policy name (the text that will be displayed to the user) and Policy URL in the relevant fields.

  4. If you want to enable users to provide feedback explaining their actions, select the Optional user feedback option (by default No user feedback is selected). This feedback can be viewed later by the administrator.

  5. If you are currently recording in metadata only mode, you can select Start video recording in order to record also the screenshots of user activities.

  6. You can click the Preview button to see how the notification message will appear to the user, according to the above configuration.

  7. To close the message, click the X button or anywhere on the screen.

  8. If required, you can make changes to fine-tune your message.

  9. When you have finished defining your warning notification, click Save to save your settings.

    The newly configured alert rule is displayed in the Alert & Prevent Rules page.

Configuring Warning Notifications for a Unix Endpoint

On Unix, when configuring a warning notification, you must enter a message to be displayed to the user. Also, if you are currently recording in Commands only mode (records session commands without terminal output), you can switch to standard recording mode to record both commands and terminal output.

There are no options to link to a company policy or to enable the user to provide feedback to the notification message.

Following is an example of how to configure a warning notification on a Unix endpoint.

Clicking the Preview button enables you to review the text message to be displayed to the user:

To close the text message, click the X button.