Network VirusWall Enforcer considers each network host that functions as a packet source and is identified by its own IP address to be an individual endpoint. A network device with more than one network interface card (NIC) and subsequently multiple IP address may be treated by Network VirusWall Enforcer as multiple endpoints, resulting in separate policy matching events.
Based on assessment results, endpoints can be generally categorized as one of the three following types:
Compliant—endpoints that have not violated any policies.
Noncompliant—endpoints that have violated at least one policy; the most common tasks associated with noncompliant endpoints are blocking or monitoring them. Monitored endpoints have unhampered access to the network, but may be reassessed against policies sooner than compliant endpoints.
Note: When creating a policy, you can define different reassessment schedules for compliant and noncompliant endpoints.
Blocked—endpoints that have violated a policy and are restricted from accessing network resources. If an endpoint is blocked, the device drops all packets directed towards or coming from the endpoint. The only types of traffic a blocked endpoint can receive are notifications and remedy-related traffic.
Quarantined—blocked endpoints that can only be released and allowed access to the network through the web console. Unless released, quarantined endpoints remain blocked regardless of subsequent assessment results.
Endpoints may also be classified into the following categories depending on current assessment status:
Assessing—endpoints that are currently being checked for policy compliance.
Unsupported OS—endpoints that cannot be assessed because they are running on unsupported platforms.