Managing Suspicious Endpoints

Purpose: Manage Suspicious Endpoints, a security service that provides compliance and network access control for risky endpoints.

Location: Gateways > (gateway name) > NETWORK ACCESS CONTROL > Suspicious Endpoints > General

Do the following:
  • Enable Suspicious Endpoints.

  • Select the action to take for out-of-compliance endpoints. The default is Monitor.

  • Set the threshold for the number of command-and-control (C&C) callback events that can occur within the specified time period before the action is triggered. The default is 50 events over 1 hour.

  • Use the violation list to view information about endpoints that are in violation of the endpoint policy.

  • If you do not want endpoints to be blocked, remove the selected endpoints from the violation list.
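
To judge how a threshold and time period will behave before you set them, the following added example (not product code) replays C&C callback detections through a per-endpoint count. It assumes a sliding time window and that the action triggers when the count reaches the threshold; the function names, event format, and addresses are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def find_violations(events, threshold=50, window=timedelta(hours=1)):
    """Return {endpoint: time its callback count first reached the threshold}.

    events: iterable of (timestamp, endpoint) C&C callback detections.
    Assumption: sliding window, trigger when count >= threshold.
    """
    recent = defaultdict(deque)   # endpoint -> callback times still in window
    violations = {}
    for ts, endpoint in sorted(events):
        q = recent[endpoint]
        q.append(ts)
        # Drop callbacks that fall outside the window ending at ts.
        while ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold and endpoint not in violations:
            violations[endpoint] = ts
    return violations

BASE = datetime(2024, 1, 1, 9, 0, 0)   # constructed start time

def sample_events():
    """Constructed detections for three endpoints (documentation addresses)."""
    events = []
    # 50 callbacks, one per minute: reaches the default threshold.
    events += [(BASE + timedelta(minutes=i), "192.0.2.10") for i in range(50)]
    # 60 callbacks, one every 2 minutes: never more than 30 in any hour.
    events += [(BASE + timedelta(minutes=2 * i), "192.0.2.20") for i in range(60)]
    # 49 callbacks in under 10 minutes: a burst just below the threshold.
    events += [(BASE + timedelta(seconds=12 * i), "192.0.2.30") for i in range(49)]
    return events

if __name__ == "__main__":
    for limit in (50, 30):
        hits = find_violations(sample_events(), threshold=limit)
        print(f"threshold={limit}:")
        for endpoint, when in sorted(hits.items()):
            print(f"  {endpoint} reached the threshold at {when}")
```

With the default of 50 events over 1 hour, only the first endpoint crosses the threshold; the slow but persistent beacon and the short burst both stay under it, and lowering the threshold to 30 catches all three.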