OfficeScan can log and block all connections made between agents and addresses in the Global C&C IP list. The Suspicious Connection Settings screen also allows you to log, but still allow access to IP addresses configured in the User-defined Blocked IP List.
OfficeScan can also monitor connections that may be the result of a botnet or other malware threat. After detecting a malware threat, OfficeScan can attempt to clean the infection.
The Suspicious Connection Settings screen appears.
To allow agents to connect to addresses in the User-defined Blocked IP list, enable the Log and allow access to User-defined Blocked IP list addresses setting.
You must enable network connection logging before OfficeScan can allow access to addresses in the User-defined Blocked IP list.
Malware network fingerprinting performs pattern matching on packet headers. OfficeScan logs all connections made by packets with headers that match known malware threats using the Relevance Rule pattern.
To allow OfficeScan to attempt to clean connections made to C&C servers, enable the Clean suspicious connections when a C&C callback is detected setting. OfficeScan uses GeneriClean to clean the malware threat and terminate the connection to the C&C server.
You must enable Log connections using malware network fingerprinting before OfficeScan can attempt to clean the connections made to C&C servers detected by packet structure matching.
Apply to All Agents: Applies settings to all existing agents and to any new agent added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
Apply to Future Domains Only: Applies settings only to agents added to future domains. This option will not apply settings to new agents added to an existing domain.