This section explains the definition files of keywords for exclusion from the targets of quarantining.

Using the definition files of keywords for exclusion from the targets of quarantining in combination with the definition file of the quarantine policy for security risks, it is possible to exclude specific security risks from being quarantined.

Create these definition files when "ALL_DISABLE" is not specified in "avmgr.corp.action_filter_base" in the definition file of the quarantine policy for security risks, and there are security risks which you wish to exclude from being quarantined.

When "ALL_DISABLE" is specified in "avmgr.corp.action_filter_base", the content specified in these definition files is ignored.

It is not necessary to restart the services of the Resource Orchestrator manager after editing these definition files.

[Trend Micro OfficeScan]

• OfficeScan 11.0 server

• OfficeScan XG server

Create these definition files when "ALL_DISABLE" is not specified in "avmgr.corp.action_filter_base" in the definition file of the quarantine policy for security risks, and there are security risks which you wish to exclude from being quarantined.

When "ALL_DISABLE" is specified in "avmgr.corp.action_filter_base", the content specified in these definition files is ignored.

It is not necessary to restart the services of the Resource Orchestrator manager after editing this type of definition file.

Location of the Definition File

[Windows Manager]

Installation_folder\SVROR\Manager\etc\customize_data

Information

The sample definition file (avmgr_corp_filter_disable.en.rcxprop.sample) is stored in the location above.
When using the sample as the definition file, place the file after deleting the ".sample" included in the file name.

Name of the Definition File

avmgr_corp_filter_disable.en.rcxprop

Character Code

[Windows Manager]
UTF-8

Line Break Code

[Windows Manager]
CR/LF or LF

Format of the Definition File

Separate multiple keywords using line breaks (CR/LF or LF).

Keyword 1 for exclusion from the targets of quarantining
Keyword 2 for exclusion from the targets of quarantining
Keyword 3 for exclusion from the targets of quarantining

Definition File Items

For avmgr_corp_filter_disable.en.rcxprop

Alphanumeric characters and symbols (ASCII characters (0x20 - 0x7e)) can be used in keywords.

When the Resource Orchestrator manager is notified of a security risk containing any of the specified keywords, the corresponding L-Server will be excluded from quarantine.

keyword1_of_unquarantine<line break (CR/LF or LF)> keyword2_of_unquarantine<line break (CR/LF or LF)> keyword3_of_unquarantine<line break (CR/LF or LF)> ...

Example

keyword_of_unquarantine<line break (CR/LF or LF)>