We're using Microsoft's System Center Endpoint Protection (SCEP) as our antivirus solution. We have it set within SCCM to send the help desk and the sysadmins an email when a virus detection is found. However, I can't see where I can configure it to pop up a message to the end user when they've just almost infected themselves.
It has happened twice recently where we had a users on a terminal server trying to download an infected file multiple times because they didn't understand why it wasn't opening. In one case, a user was attempting to download what they thought was a tax form, but was actually a malicious .EXE. They did this 13 times!!! I and the help desk got 13 notifications about it. We had to call that user and give them an education about why downloading a government form from a not-the-government web site is a bad idea.
Normally I'm not a fan of software that gets all up in your face about every little thing. Users are bombarded by security prompts all the time and they have no idea what they mean. But in this case, I think it would have been in everyone's best interest if the user had gotten a scary pop-up or something to say "Hey! Stop doing that!"
I do not see anywhere in the Antimalware Policies where I can configure a notification to the end-user.
We're using SCCM 1602 (a.k.a. SCCM 2016), but this applies equally to SCCM 2012. All computers have the latest AV agent installed.
