Purpose: Manage Suspicious Endpoints, a security service that provides compliance and network access control for risky endpoints.
Location: Gateways > (gateway name) > NETWORK ACCESS CONTROL > Suspicious Endpoints > General
- Enable Suspicious Endpoints.
- Select the action to take for out-of-compliance endpoints. Default is Monitor.
- Set the threshold for the number of C&C callback events that can occur within the specified time period before the action is triggered. The default is 50 events over 1 hour.
- Use the violation list to view information about endpoints that are in violation of the endpoint policy.
- If you do not want endpoints to be blocked, remove the selected endpoints from the violation list.
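
The following is an added example, not code from the product: a sketch of how a threshold of 50 C&C callback events over 1 hour can be evaluated per endpoint, and how removing an endpoint from the violation list keeps it from being blocked. It assumes a sliding window, a violation when the count reaches the threshold, and an action named "Block"; the function names and sample addresses are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def violation_list(events, threshold=50, window=timedelta(hours=1)):
    """Map endpoint -> time its callback count first reached the threshold.

    events: (timestamp, endpoint) pairs, one per C&C callback detection.
    Assumed semantics: sliding window, violation when the count reaches threshold.
    """
    recent = defaultdict(deque)
    violations = {}
    for ts, endpoint in sorted(events):
        q = recent[endpoint]
        q.append(ts)
        while ts - q[0] >= window:      # expire callbacks older than the window
            q.popleft()
        if len(q) >= threshold:
            violations.setdefault(endpoint, ts)
    return violations

def blocked(violations, action="Monitor", removed=()):
    """Endpoints actually blocked: none under Monitor; under the assumed
    "Block" action, everything on the list that was not removed."""
    if action != "Block":
        return set()
    return set(violations) - set(removed)

def sample_events():
    """Constructed sample data: three endpoints with different callback rates."""
    start = datetime(2024, 1, 1, 9, 0)
    # endpoint -> (number of callbacks, seconds between callbacks)
    rates = {"10.0.0.5": (50, 60), "10.0.0.7": (50, 120), "10.0.0.9": (60, 30)}
    return [(start + timedelta(seconds=i * step), ep)
            for ep, (count, step) in rates.items() for i in range(count)]

if __name__ == "__main__":
    v = violation_list(sample_events())
    for ep, ts in sorted(v.items()):
        print(ep, "reached threshold at", ts)
    print("blocked:", blocked(v, "Block", removed={"10.0.0.9"}))
```

The endpoint that sends 50 callbacks spread over more than an hour never has 50 inside one window, so it stays off the list even though its total matches the threshold.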
 
		