cancel
Showing results for 
Search instead for 
Did you mean: 

How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action none/failed

Highlighted
Aspirant

How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action none/failed

hello

we are managing clients centrally through FSPM servers in our domain (i.e. Intranet). how to Network Quarantine the PC automatically from Intranet as soon as any virus is detected in any PC with action failed/none.

1 ACCEPTED SOLUTION

Accepted Solutions
F-Secure
F-Secure

Re: How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action none/failed

Hello ravi12,

 

Such automatic action is not supported.

There are only 2 parameters currently, which regulate shifting clients to Network Quarantine:

- Real time Scanning enabled;

- Age of virus definitions updates.

 

Network quarantine parameters can be tuned in Policy Manager Console on Settings  tab (Standard View) -> Firewall security levels page.

 

Best regards,

Vad

2 REPLIES
F-Secure
F-Secure

Re: How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action none/failed

Hello ravi12,

 

Such automatic action is not supported.

There are only 2 parameters currently, which regulate shifting clients to Network Quarantine:

- Real time Scanning enabled;

- Age of virus definitions updates.

 

Network quarantine parameters can be tuned in Policy Manager Console on Settings  tab (Standard View) -> Firewall security levels page.

 

Best regards,

Vad

Superuser

Betreff: How to Put the PC in Network Quarantined automatically as soon as any virus is detected with action none/failed

That is a bad idea.

1) When F-Secure detects a malware it gets blocked, regardless of any further action defined by the administrator or if that action fails (The way F-Secure diplays this is "irritating", they know).

 

2) Worm behaviour gets detected not on the machine that runs the worm, but on those that ar targeted by that worm. This way you would quarantine 99% of your network, but not the one that causes the problem (outdated  patches, Sigantures or other software)

 

The best way is to install a lokal firewall to EVERY system with an Office profile so that only outbout traffic is possible. This way the machine is automatically quarantined, as it can not reach and infect the others.

Matthias
----------
perComp is a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntarily and to my best knowledge based on working with the products since 1997. Direct contact for customers please check our homepage http://www.percomp.de