I am in the process of implementing with my team, and reviewing some open issues we have. One is with regard to the subject of my discussion. In looking at the VSE Policies, I see a heading for Anti-Virus Outbreak Control under Access Protection Policies. Right now, we have these set to Report only. I have found a whitepaper that gives details on these rules and indicates that they are very powerful rules. What I am curious about is how they are used or triggered. Are these designed to be manually implemented in the event of an outbreak, or do they kick in at some kind of pre-determined threshold? What criteria are used to delineate a virus outbreak?
I don't want to set them to Block and then find they block everything because they are to be used only when there is an outbreak. My thought is that they kick in when ePO recognizes an outbreak. If that is the case, then I would like to know what ePO uses to determine that. Any information would be greatly appreciated.
It isn't triggered by anything in particular. The idea is that these MIGHT be useful depending on the virus. By calling it an Outbreak rule that implies that you definitely don't want to run these on a regular basis.
Thanks for the answer, Peter. So basically, I wouldn't want to set these to run (manually or through an automatic response) unless we have determined that an Outbreak is occurring, by whatever criteria we had set up in our environment?
Those are pretty much guaranteed to break something. Think of those as ideas that you might use if you need them... maybe. But probably not. Each outbreak (again, you are deciding this) will have a unique reaction.