Purpose: Manage Suspicious Endpoints, a security service that provides compliance and network access control for risky endpoints.
Location: Gateways > (gateway name) > NETWORK ACCESS CONTROL > Suspicious Endpoints > General
Enable Suspicious Endpoints.
Select the action to take for out-of-compliance endpoints. Default is Monitor.
Set the threshold for the number of C&C callback events that can occur within the specified time period before the action is triggered. The default is 50 events over 1 hour.
Use the violation list to view information about endpoints that are in violation of the endpoint policy.
Manage the violation list by removing selected endpoints from the list.