HI All ,
I created an Automated Task in EPO 4.6.4 for Unhandled threats in our Location,
It consist of Two Automated Task
First One , whenever an Unhandled threat is detected , It moves the system to an OU , where all ports are being blocked except Mcafee EPO server (Access Protection Policies ), so there is no chance of propagation , and then immedeately On Demand Scan is Initiated .
The Second Automated task
Once The On Demand Scan is completed it moves back to the previous OU , based on Tag Criteria
Everything work fines , but the Issue is that if there are N number of events , or a false alert , then entire systems would be with no Network access moved to that OU , is there any mechanism to address that also in case of Tag Criteria there are number of SUB OU , is there any mechanism to automatically change the access protection policy once alert is triggered and these systems should be reverted back with the MY Default access protection Policies rather than moving to an OU where access protection policy for port blocking is applied .
Any Ideas and suggestion for this !