we are managing clients centrally through FSPM servers in our domain (i.e. Intranet). how to Network Quarantine the PC automatically from Intranet as soon as any virus is detected in any PC with action failed/none.
Such automatic action is not supported.
There are only 2 parameters currently, which regulate shifting clients to Network Quarantine:
- Real time Scanning enabled;
- Age of virus definitions updates.
Network quarantine parameters can be tuned in Policy Manager Console on Settings tab (Standard View) -> Firewall security levels page.
That is a bad idea.1) When F-Secure detects a malware it gets blocked, regardless of any further action defined by the administrator or if that action fails (The way F-Secure diplays this is "irritating", they know).
2) Worm behaviour gets detected not on the machine that runs the worm, but on those that ar targeted by that worm. This way you would quarantine 99% of your network, but not the one that causes the problem (outdated patches, Sigantures or other software)
The best way is to install a lokal firewall to EVERY system with an Office profile so that only outbout traffic is possible. This way the machine is automatically quarantined, as it can not reach and infect the others.