An emergency procedure is performed for a client (CT) where a security risk was detected.
The procedure below is performed for the client (CT).
The emergency procedure settings policy is applied
The network is disabled
A notification that a security risk has been detected is displayed
Refer to "2.4.2 Perform Emergency Procedure Settings" for details on the emergency procedure settings.
Refer to "Set Environment of Management Server/Master Management Server" > "Set Administrator Notification" in the Installation Guide for details on the settings for email notifications to the administrator and writing to the event log when emergency procedure requests and emergency procedure cancellations are completed.
Emergency procedures can be performed manually for a client (CT) either by the administrator or the client (CT) user itself.
The administrator performs an emergency procedure for the target client when the administrator identifies a client where a security risk was detected.
When the administrator is notified that the network is blocked for a specific client (CT) due to malware being detected by the malware detection product, the administrator will instruct the target client (CT) user to perform the emergency procedure. After receiving the instruction from the administrator, the client (CT) user will perform the emergency procedure.
The administrator performs an emergency procedure for a client (CT) where a security risk was detected.
The administrator specified in Detail Authority > Log Viewer > Emergency procedure of the Administrator Information Settings window of the Server Settings Tool must be logged in the Log Viewer to perform the emergency procedure.
Follow the procedure below:
Start the Log Viewer.
Display one of the details windows below:
CT operation log (Operation)
CT operation log (Log view)
Click Emergency Procedure Request - the confirmation window will be displayed.
If an emergency procedure request has been issued or is in progress for the target client (CT), the LWSC-ERR089 error message will be displayed, and it will not be possible to issue an emergency procedure request.
OK: Perform the emergency procedure for the client (CT).
Cancel: Closes the confirmation window.
Click OK.
The policy that is currently applied can be checked using the maintenance command.
Refer to "Display Prohibition Settings Information (Operation Policy)" in the Reference Manual for details on the maintenance command.
The administrator notifies the client (CT) user of the procedure below.
Double-click fsw01ejn.exe (emergency procedure tool) (administrator privileges are not required).
The emergency procedure tool window will be displayed.
[fsw01ejn.exe directory]
If the operating system is Windows 7 64-bit version, Windows 8.1 64-bit version, Windows 10 64-bit version, Windows Server 2008 64-bit version, Windows Server 2008R2, Windows Server 2012, or Windows Server 2016
%SystemRoot%\SYSWOW64\
If the operating system is anything other than the above
%SystemRoot%\system32\
Note: %SystemRoot% is normally C:\Windows.
Perform one of the operations below:
OK: Displays a confirmation message.
If OK is clicked, the network will be disabled for the client (CT), and the policy set by the administrator will be applied.
Cancel: Closes the emergency procedure tool window.
