Security Agents can log and block all connections made between endpoints and addresses in the Global C&C IP list. You can also log, but still allow access to, IP addresses configured in the User-defined Blocked IP List.
Security Agents can also monitor connections that may be the result of a botnet or other malware threat. After detecting a malware threat, Security Agents can attempt to clean the infection.
The Suspicious Connection Settings screen appears.
To allow agents to connect to addresses in the User-defined Blocked IP list, enable the Log and allow access to User-defined Blocked IP list addresses setting.
You must enable network connection logging before Security Agents can allow access to addresses in the User-defined Blocked IP list.
Malware network fingerprinting performs pattern matching on packet headers. Security Agents log all connections made by packets with headers that match known malware threats using the Relevance Rule pattern.
To allow Security Agents to attempt to clean connections made to C&C servers, enable the Clean suspicious connections when a C&C callback is detected setting. Security Agents use GeneriClean to clean the malware threat and terminate the connection to the C&C server.
You must enable Log connections using malware network fingerprinting before Security Agents can attempt to clean the connections made to C&C servers detected by packet structure matching.
Apply to All Agents: Applies settings to all existing agents and to any new agent added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
Apply to Future Domains Only: Applies settings only to agents added to future domains. This option will not apply settings to new agents added to an existing domain.