Policy Enforcement > Add Policy (Step 6: Threat Mitigation Rules)
Threat mitigation rules define how Threat Discovery Appliance or Deep Discovery Inspector detections are handled. Network VirusWall Enforcer and the agent can quarantine noncompliant endpoints.
In this screen, you can specify the following policy options:
Enable Threat Mitigation—select this check box to use threat mitigation features.
Monitor endpoints—select this option to allow packets from the endpoint to pass. Once monitored, endpoints are considered noncompliant. You can specify a different reassessment schedule for monitored endpoints.
Quarantine endpoints—select this option to prevent endpoints with threats from accessing the network.
Block C&C connections—select this option to block connections to and from C&C servers detected by Deep Discovery Inspector.
Enable the deny list—select this check box to block connections to and from servers in the deny list.
Send policy violation data to syslog—select this option to send a log entry to syslog whenever one of the assessment criteria returns a match.
Notify endpoints about policy violations—select this option to display popup notifications on endpoints that violate this section of the policy.