Purpose: Manage Suspicious Endpoints, a security service that provides compliance and network access control for risky endpoints.
Location: Gateways > (gateway name) > NETWORK ACCESS CONTROL > Suspicious Endpoints > General
Enable Suspicious Endpoints.
Select the action to take for out-of-compliance endpoints. The default is Monitor.
Set the threshold for the number of command-and-control (C&C) callback events that can occur within the specified time period before the action is triggered. The default is 50 events over 1 hour.
Use the violation list to view information about endpoints that are in violation of the endpoint policy.
If you do not want endpoints to be blocked, remove the selected endpoints from the violation list.
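To see which endpoints the default threshold of 50 events over 1 hour would flag before moving the action off Monitor, the following added example (not part of the product or its documentation) replays callback events through a per-endpoint sliding window. The log format, the function names, the sliding-window behaviour and the "triggers when the count reaches the threshold" rule are assumptions made for the example; the product's exact evaluation may differ.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def sample_events():
    """Constructed sample lines (not real gateway output): '<ISO time> <endpoint IP>'."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    # 10.0.0.5 calls back every 60 seconds, 10.0.0.9 every 10 minutes.
    lines = [f"{(start + timedelta(seconds=60 * i)).isoformat()} 10.0.0.5" for i in range(60)]
    lines += [f"{(start + timedelta(minutes=10 * i)).isoformat()} 10.0.0.9" for i in range(12)]
    lines.append("malformed line without a timestamp")
    return lines


def endpoints_over_threshold(lines, threshold=50, window=timedelta(hours=1)):
    """Return {endpoint: time at which the threshold was first reached}.

    Assumption: the window slides per endpoint, and the action triggers when
    the number of events inside the window reaches the threshold.
    """
    events = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip lines that are not '<time> <endpoint>'
        try:
            events.append((datetime.fromisoformat(parts[0]), parts[1]))
        except ValueError:
            continue  # skip unparseable timestamps
    events.sort()  # evaluate in time order even if the input is shuffled

    recent = defaultdict(deque)  # endpoint -> timestamps still inside the window
    triggered = {}
    for ts, endpoint in events:
        q = recent[endpoint]
        q.append(ts)
        while ts - q[0] >= window:  # drop events that have aged out
            q.popleft()
        if len(q) >= threshold and endpoint not in triggered:
            triggered[endpoint] = ts
    return triggered


if __name__ == "__main__":
    for ep, when in endpoints_over_threshold(sample_events()).items():
        print(f"{ep} reached the threshold at {when.isoformat()}")
```

Running the same data with a lower `threshold` or shorter `window` shows how many additional endpoints a stricter setting would place on the violation list.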