Understanding Enforcement

What is Enforcement?

Enforcement means that a machine is quarantined from the network, or blocked. Blocked machines can only access a secure Web site where they can receive a reassessment. Based on the result of the assessment, machines which no longer present an unacceptable level of risk are released from quarantine and can reconnect to the network.

Vulnerability Assessment does not block or release computers itself, but is assisted by Network VirusWall. Network VirusWall queries Vulnerability Assessment on a regular basis and blocks and releases computers based on the query information. The frequency is configurable through Network VirusWall, but it can be as frequent as every 30 seconds (this is the default for computers that are not in compliance with Network VirusWall policies).

When does enforcement happen?

The system administrator sets the machines to which enforcement applies when he or she creates tasks. In each task, the administrator selects the machines to include and requests an enforcement action on machines that present an unacceptable level of risk to the network. Additionally, system administrators can access the Global Settings screen where they can set global enforcement policies. These policies can automatically perform enforcement against unsupported or deploy-failed machines. Global exceptions, also set through the Global Settings screen, override any enforcement setting.

I set enforcement, but the machines are not blocked. Why?

Enforcement actions depend on whether or not Vulnerability Assessment has access to Network VirusWall. Network VirusWall blocks all machines that are selected for enforcement by Vulnerability Assessment.

Warning: If you have set exceptions in Network VirusWall not to block certain computers, then it does not block those computers. Additionally, if Network VirusWall is not installed or if it is currently not functioning, it cannot block computers.

What do these icons mean?

This machine is blocked and cannot access the network. To have the machine reconnect to the network, provide the URL for the Manual Assessment page. The machine can access this page where the user can initiate a manual vulnerability assessment after he or she has resolved the security risk.

The default URL for the Manual Assessment page is:

http://CM Server/ControlManager/cgi-bin/va/CGIvax.exe

Where "CM Server" is the name of the Control Manager Server where Vulnerability Assessment is installed.

Vulnerability Assessment has marked this machine for blocking, but it has not been blocked yet.

If you have installed Network VirusWall on your server, it will shortly block this machine. Network VirusWall queries Vulnerability Assessment on a regular basis. The frequency is configurable through Network VirusWall, but it can be as frequent as every 30 seconds (this is the default for computers that are not in compliance with Network VirusWall policies). It blocks and releases computers based on the query information.

When viewing the results of a task, this icon appears briefly until the blocked icon replaces it when Network VirusWall blocks the machine. However, when you query the database, the flag icon is always displayed, showing the status of the machine immediately following the assessment task (not yet blocked).

Vulnerability Assessment has assessed this machine. The computer is not blocked, based on the enforcement action you set. However, it could have vulnerabilities that present a significant risk to the network.

This icon displays when you have manually released a machine, but it has not been released yet. When you manually release a machine you request Network VirusWall to stop blocking it. The next time that Network VirusWall queries Vulnerability Assessment, it will release the machine.
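The following added example (not code from the product or its vendor) models the four machine states described above and the query cycle that moves a machine between them, and shows how to spot machines that stay "marked for blocking" because of a Network VirusWall exception or because Network VirusWall is not querying. The class and function names, the host names, the 60-second grace period, and the use of a single "on the network" state for both never-blocked and released machines are assumptions of this model.

```python
from dataclasses import dataclass
from enum import Enum

POLL_SECONDS = 30  # fastest query interval mentioned on this page


class Status(Enum):
    NOT_BLOCKED = "on the network"                 # model's own simplification
    MARKED = "marked for blocking, not yet blocked"
    BLOCKED = "blocked"
    RELEASE_PENDING = "manually released, not yet released"


@dataclass
class Machine:
    name: str
    status: Status
    since: int  # second at which the current status was set


def poll(machines, now, nvw_up=True, nvw_exceptions=frozenset()):
    """One Network VirusWall query: apply what Vulnerability Assessment requested."""
    if not nvw_up:  # not installed or not functioning: nothing is enforced
        return
    for m in machines:
        if m.status is Status.MARKED and m.name not in nvw_exceptions:
            m.status, m.since = Status.BLOCKED, now
        elif m.status is Status.RELEASE_PENDING:
            m.status, m.since = Status.NOT_BLOCKED, now


def unenforced(machines, now, nvw_exceptions=frozenset(), grace=2 * POLL_SECONDS):
    """Machines still only marked after `grace` seconds, with the likely cause."""
    report = {}
    for m in machines:
        if m.status is Status.MARKED and now - m.since > grace:
            report[m.name] = ("Network VirusWall exception" if m.name in nvw_exceptions
                              else "Network VirusWall not querying or not installed")
    return report


def demo():
    # Constructed sample fleet; host names are made up for this example.
    fleet = [Machine("ws-01", Status.MARKED, 0), Machine("ws-02", Status.MARKED, 0),
             Machine("ws-03", Status.RELEASE_PENDING, 0)]
    poll(fleet, now=30, nvw_exceptions={"ws-02"})
    return {m.name: m.status for m in fleet}, unenforced(fleet, 90, {"ws-02"})
```

In the model, a machine that is marked but never blocked is exposed to the network for at least one query interval, and indefinitely if an exception applies or no query ever arrives.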

See also

About Network VirusWall 1200