Set Frequency for PCP End User Notifications
By default, when a user tries to access a phishing or malicious web site or domain, Lookout generates one issue in the MES console every 24 hours from the time the device initially attempts to visit a web site we alert on. This helps declutter the administrator view in the issues module. Lookout also Increments the issue threat count for the device each time the device attempts visiting the same url during the 24 hour period.
For advanced and premium customers, Lookout provides PCP notification throttling to control how often a user receives notifications for visits to the same unsafe website or domain. It also limits the issues generated to one issue per 24-hour period starting from the first access to the unsafe site while incrementing the issue detection count for each encounter. This feature keeps notifications and issues from becoming a nuisance.
The policy classifications for these content types: Phishing, Malicious, Unauthorized, and Denylist content have (gear icon) settings to configure how many times in 24 hours to notify end users if they access the same website or domain.
The choices are:
- Once a day: Send a notification once in 24 hours for the particular url.
- Twice a day. Send up to two notifications to the device for the particular url in 24 hours. Pause for 12 hours between notifications.
- Four times a day. Send up to four notifications to the device for the particular url in 24 hours. Pause for 6 hours between notifications.
-
Every time. Send a notification and then pause notifications for 3 minutes. If the device visits the url again in the 4th minute, send a new notification.
Common action across the choices:
- Notify the end user device on the first detection with an alert and, if configured, block access to the site or domain.
- Generate one issue in the MES console every 24 hours from the time the device initially attempts to visit the web site.
-
Increment the issue threat count on the device each time the device attempts visiting the same url during the 24 hour period.
To configure notification throttling using the MES console:
- Navigate to the tab.
- Choose the Device Group you want to apply your policies to from the Manage settings for: dropdown menu.
- In the policy classification for Phishing content set the Risk level and Response as appropriate for the device group.
- Click the gear icon for Phishing content and choose how many times in 24 hours to notify users when they visit the same web site or domain.
- Click Save in the dialog box.
- Repeat these steps for the Malicious content policy classification.
- Scroll down and click Save.