Rules include security posture criteria, default responses associated with clients, and actions that clients perform. See Default Rules for a summary of the default rules that come configured with Policy Server.
Rules include the following security posture criteria:
Client machine state: If the client computer is in the booting state
Client Real-time scan status: If Real-time Scan is running
Client scan engine version currency: If the Virus Scan Engine is up-to-date
Client virus pattern file status: If the Virus Pattern is either a certain number of versions older or released a certain number of days prior to the validation
Responses help you understand the condition of OfficeScan clients on your network when client validation occurs. The responses entered into the Policy Server client validation logs correspond to posture tokens. Choose from among the following default responses:
Healthy: The client computer conforms to your security policies and is not infected
Checkup: The client needs to have its antivirus components updated
Infected: The client computer is infected or is at risk of infection
Transition: The client computer is in the booting state
Quarantine: The client computer is at high risk of infection and requires quarantining
Unknown: Any other condition
Note: You cannot add, delete, or modify responses.
If the client security posture matches the rule criteria, the Policy Server can carry out the following action:
Create an entry in a Policy Server client validation log (see Viewing client validation logs)
If the client security posture matches the rule criteria, the OfficeScan client can take the following actions:
Enable client Real-time Scan so OfficeScan client scans all files when opened or saved
Update all OfficeScan components
Scan the client (Scan Now) after enabling Real-time Scan or after an update
Display a notification message on the client computer