locked
Automating Threat Removal and Client Talk Back RRS feed

  • Question

  • Hello,

    If I set an override to Remove a threat based on severity will it Remove the threat after 10 minutes? is there anything which can be set so the user does not have any input when a threat is detected and that it wont alert the user?

    The reason for this is that we are having quite a few calls and we have set the overrides up and that they can only remove the threat. So if the system tray icon goes red with an X and then in 10 minutes it will automatically get removed and there will be no user popup?

    Could someone confirm this is the case?

    Also on a side note does anyone know how often the client talks back to the server when registering its self as a managed agent?

    Many Thanks

    James

    Friday, April 8, 2011 9:05 AM

Answers

  • Hi James,

    Thanks for the post.

    I think it  it will automatically get removed. In general, when you create an override based on threat, you are creating a whitelist that allows specific defined malware to run on a client without notification to the user. Overrides based on threat generally take precedence over all other overrides; however, any severity-based override that is set to Ignore will always take precedence over threat and category overrides.

    Meanwhile, with respect to how often the client talks back to the server, you could find out more by visiting http://technet.microsoft.com/en-us/library/cc180787.aspx

    Thanks,

    Miles

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by morpheus83uk Wednesday, April 13, 2011 1:43 PM
    Monday, April 11, 2011 6:22 AM

All replies

  • Hi James,

    Thanks for the post.

    I think it  it will automatically get removed. In general, when you create an override based on threat, you are creating a whitelist that allows specific defined malware to run on a client without notification to the user. Overrides based on threat generally take precedence over all other overrides; however, any severity-based override that is set to Ignore will always take precedence over threat and category overrides.

    Meanwhile, with respect to how often the client talks back to the server, you could find out more by visiting http://technet.microsoft.com/en-us/library/cc180787.aspx

    Thanks,

    Miles

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by morpheus83uk Wednesday, April 13, 2011 1:43 PM
    Monday, April 11, 2011 6:22 AM
  • Thanks for your response thats brilliant!
    Wednesday, April 13, 2011 1:43 PM