How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action

hello

we are managing clients centrally through FSPM servers in our domain (i.e. Intranet). how to Network Quarantine the PC automatically from Intranet as soon as any virus is detected in any PC with action failed/none.

Best Answer

  • VadVad Posts: 1,050 F-Secure Employee
    Accepted Answer

    Hello ravi12,

     

    Such automatic action is not supported.

    There are only 2 parameters currently, which regulate shifting clients to Network Quarantine:

    - Real time Scanning enabled;

    - Age of virus definitions updates.

     

    Network quarantine parameters can be tuned in Policy Manager Console on Settings  tab (Standard View) -> Firewall security levels page.

     

    Best regards,

    Vad

Comments

  • MJ-perCompMJ-perComp Posts: 1,098 Superuser

    That is a bad idea.

    1) When F-Secure detects a malware it gets blocked, regardless of any further action defined by the administrator or if that action fails (The way F-Secure diplays this is "irritating", they know).

     

    2) Worm behaviour gets detected not on the machine that runs the worm, but on those that ar targeted by that worm. This way you would quarantine 99% of your network, but not the one that causes the problem (outdated  patches, Sigantures or other software)

     

    The best way is to install a lokal firewall to EVERY system with an Office profile so that only outbout traffic is possible. This way the machine is automatically quarantined, as it can not reach and infect the others.

This discussion has been closed.