OfficeScan agents can log and block all connections made between endpoints and addresses in the Global C&C IP list. You can also log, but still allow access to, IP addresses configured in the User-defined Blocked IP List.
OfficeScan agents can also monitor connections that may be the result of a botnet or other malware threat. After detecting a malware threat, OfficeScan agents can attempt to clean the infection.
The Suspicious Connection Settings screen appears.
To allow agents to connect to addresses in the User-defined Blocked IP list, enable the Log and allow access to User-defined Blocked IP list addresses setting.
You must enable network connection logging before OfficeScan agents can allow access to addresses in the User-defined Blocked IP list.
Malware network fingerprinting performs pattern matching on packet headers. OfficeScan agents log all connections made by packets with headers that match known malware threats using the Relevance Rule pattern.
To allow OfficeScan agents to attempt to clean connections made to C&C servers, enable the Clean suspicious connections when a C&C callback is detected setting. OfficeScan agents use GeneriClean to clean the malware threat and terminate the connection to the C&C server.
You must enable Log connections using malware network fingerprinting before OfficeScan agents can attempt to clean the connections made to C&C servers detected by packet structure matching.
Apply to All Agents: Applies settings to all existing agents and to any new agent added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
Apply to Future Domains Only: Applies settings only to agents added to future domains. This option will not apply settings to new agents added to an existing domain.