The operation patterns when performing an emergency procedure for a client are described below.
Operation pattern 1: The administrator performs an emergency procedure
Description
The administrator issues an emergency procedure request to a client (CT) where a security risk was detected.
The procedure below is performed for the client (CT):
The emergency procedure settings policy is applied
The network is disabled
A notification that a security risk has been detected is displayed
The administrator is notified by email that the emergency procedure request to the client (CT) has been completed.
Description
The administrator generates the emergency procedure cancellation code.
The administrator contacts the client (CT) user with the emergency procedure cancellation code.
The client (CT) user cancels the emergency procedure.
The Management Server is notified that the emergency procedure was canceled for the client (CT).
The administrator is notified by email that the emergency procedure was canceled for the client (CT).
Operation pattern 2: A malware infection is detected by the detection product (the network is blocked by the detection product)
Description
The detection product detects malware.
The network is blocked by the detection product.
The detection product notifies the Systemwalker Desktop Keeper Management Server that malware has been detected.
The administrator is notified by email that malware has been detected.
The administrator instructs the client (CT) user to perform the emergency procedure.
The client (CT) user performs the emergency procedure for the target client (CT).
The procedure below is performed for the target client (CT):
The emergency procedure settings policy is applied
The network is disabled
A notification that a security risk has been detected is displayed
Description
The network administrator (detection product administrator) is requested to cancel the network blockage.
The network blockage is canceled using the detection product console.
The network blockage is canceled for the target client (CT).
Description
The administrator generates the emergency procedure cancellation code.
The administrator contacts the client (CT) user with the emergency procedure cancellation code.
The client (CT) user cancels the emergency procedure.
The Management Server is notified that the emergency procedure was canceled for the client (CT).
The administrator is notified by email that the emergency procedure was canceled for the client (CT).
Operation pattern 3: A malware infection is detected by the detection product (the network is not blocked by the detection product)
Description
The detection product detects malware.
The detection product notifies the Systemwalker Desktop Keeper Management Server that malware has been detected.
The procedure below is performed for the target client (CT):
The emergency procedure settings policy is applied
The network is disabled
A notification that a security risk has been detected is displayed
The administrator is notified by email that the emergency procedure request to the client (CT) has been completed.
Description
The administrator generates the emergency procedure cancellation code.
The administrator contacts the client (CT) user with the emergency procedure cancellation code.
The client (CT) user cancels the emergency procedure.
The Management Server is notified that the emergency procedure was canceled for the client (CT).
The administrator is notified by email that the emergency procedure was canceled for the client (CT).
