Endpoint Security Notifications

Endpoint Security Notifications display a system tray notification on a Windows asset when the Rapid7 Agent (Insight Agent) blocks or prevents a file or process from running using Ransomware Prevention or Next-Generation Antivirus (NGAV). This feature is disabled by default.

When the Rapid7 Agent (Insight Agent) performs a blocking or protective action:

• A notification appears on the asset.
• Windows assets display the configured custom message (if defined).
• Notifications are triggered only when an action is taken. They are not triggered for informational detections.

Note: Endpoint Security Notifications are available only on assets with Ransomware Prevention or Next-Generation Antivirus (NGAV) installed.

Enable Endpoint Security Notifications

1. From the Command Platform, go to Data Connectors > Agents.
2. Click Organization Settings.
3. Select Endpoint Security Notifications.
4. Turn the feature On.
5. Select which protection engines can trigger Endpoint Security Notifications:

• All Engines (Antivirus and Prevention)
• Antivirus Only (On-Access)
• All Prevention Engines
• Specific Prevention Engines

6. Configure notification scope. By default, notifications are displayed on all eligible assets. You can limit notifications to specific prevention groups. This allows you to control which assets display notifications.
7. (Optional) Enter a custom notification message.
8. Click Save.

Disable Endpoint Security Notifications

Disabling the feature prevents Rapid7 Endpoint Security Notifications from appearing on supported assets.

1. From the Command Platform, go to Data Connectors > Agents.
2. Click Organization Settings.
3. Select Endpoint Security Notifications.
4. Turn the feature Off.