Adding or Editing a Rule

• From the OfficeScan console:

Cisco NAC > Policy Servers > Policy Server Summary screen > Rules link

From the Policy Server console:

Summary > Rule(s) link

Configurations > Rules

Rules are the building blocks of policies and comprise policies. Configure rules as the next step in Policy Server configuration (see Rule composition for detailed information on rules).

To add or edit a rule:

1. To add a new rule, click Add. The New Rule screen appears.

To edit an existing rule, click the name of the rule. The Edit Rule screen for that rule appears.

• Note: You cannot delete rules currently is use. They appear with the icon.

2. Next to Rule name and Description, type a name to represent the policy and an optional description.

3. Under Matching criteria, select criteria that the OfficeScan clients must match to return a response. All of the selected criteria must match to trigger a response.

• To trigger a response based on the current machine state, select the check box next to Client machine state is and click In booting state or Not in booting state.

• To trigger a response based on the status of Real-time Scan, select the check box next to Client Real-time scan is and click Enabled or Disabled.  

• To trigger a response based on the status of the Virus Scan Engine, select the check box next to Client scan engine is and click Up-to-date or Not up-to-date.  

• To trigger a response based on the status of the Virus Pattern, select the check box next to Client virus pattern status and click one of the following:

• By version: The version of the OfficeScan client Virus Pattern is at most or at least { } versions older than the version of the Virus Pattern on the OfficeScan server. Select at most or at least and the number of versions from the lists.

• By pattern release date: The release date of the OfficeScan client Virus Pattern is at most or at least { } days older than the release date of the Virus Pattern on the OfficeScan server. Select at most or at least  and the number of days from the lists.

7. Note: If there are no matches to the criteria, Policy Server returns the response you configure in the policy to which this rule applies (see Adding or editing a policy).

4. Next to Return response, select an OfficeScan response if all the items in Matching criteria match:

7. Healthy

8. Checkup

9. Transition

10. Quarantine

11. Infected

12. Unknown

13. Note: You cannot add or delete items from the Default response list.

5. Under Server-side actions, select the Log this incident if all criteria matched check box to have the Policy Server log this incident.

6. Under Client-side actions, select from among the following options for OfficeScan clients if all policy criteria match:

• Enable Real-time Scan

• Update components

• Scan after enabling Real-time Scan or after an update

• Perform Cleanup Now: Select to run Damage Cleanup Services

• Perform Cleanup Now and Scan Now: Select to have the client automatically run Damage Cleanup Services and Run Scan Now

• Note: Real-time Scan must be running on clients to perform Scan Now.

• Display notification message on client computer (Maximum of 200 single-byte characters)

7. Click Save.