0 Replies Latest reply on Jan 15, 2014 11:42 AM by rolandjose

    Automated Unhandled Threat Handling Issues

    rolandjose

      Hi All,

      I created an Automated Task in ePO 4.6.4 for unhandled threats in our location.

       

      It consists of two Automated Tasks.

       

      The first one: whenever an unhandled threat is detected, it moves the system to an OU where all ports are blocked except for the McAfee ePO server (Access Protection Policies), so there is no chance of propagation, and then an On Demand Scan is immediately initiated.

       

      The second Automated Task: once the On Demand Scan is completed, the system is moved back to the previous OU, based on Tag Criteria.

       

       

      Everything works fine, but the issue is that if there are N number of events, or a false alert, then entire systems would be moved to that OU with no network access. Is there any mechanism to address that? Also, in the case of Tag Criteria there are a number of sub-OUs. Is there any mechanism to automatically change the access protection policy once an alert is triggered, and then have these systems reverted back to the My Default access protection policies, rather than moving them to an OU where the access protection policy for port blocking is applied?

       

       

      Any ideas and suggestions for this?

       

       

      Regards

      Roland CJ