A.3 Definition Files of Keywords for the Targets of Quarantining

This section explains the definition file of keywords for the targets of quarantining.

Purpose

Using the definition files of keywords for the targets of quarantining in combination with the definition file of the quarantine policy for security risks, it is possible to specify security risks to be quarantined.

Create these definition files when "ALL_DISABLE" is specified in "avmgr.corp.action_filter_base" in the definition file of the quarantine policy for security risks, and there are specific security risks which you wish to have quarantined.

When "ALL_DISABLE" is not specified in "avmgr.corp.action_filter_base", the content specified in these definition files is ignored.

It is not necessary to restart the services of the Resource Orchestrator manager after editing these definition files.

[Trend Micro OfficeScan]

OfficeScan 11.0 server
OfficeScan XG server

Create this definition file when "ALL_DISABLE" is specified in "avmgr.corp.action_filter_base" in the definition file of the quarantine policy for security risks, and there are specific security risks which you wish to have quarantined.

When "ALL_DISABLE" is not specified in "avmgr.corp.action_filter_base", the content specified in this definition file is ignored.

It is not necessary to restart the services of the Resource Orchestrator manager after editing this type of definition file.

Format of the Definition File

Location of the Definition File

[Windows Manager]: Installation_folder\SVROR\Manager\etc\customize_data

Information

The sample definition file (avmgr_corp_filter_enable.en.rcxprop.sample) is stored in the location above.
When using the sample as the definition file, place the file after deleting the ".sample" included in the file name.

Name of the Definition File

avmgr_corp_filter_enable.en.rcxprop

Character Code: [Windows Manager]
UTF-8

Line Break Code: [Windows Manager]
CR/LF or LF

Format of the Definition File

Separate multiple keywords using line breaks (CR/LF or LF).

Keyword 1 for the targets of quarantining
Keyword 2 for the targets of quarantining
Keyword 3 for the targets of quarantining

Definition File Items

For avmgr_corp_filter_enable.en.rcxprop

Alphanumeric characters and symbols (ASCII characters (0x20 - 0x7e)) can be used in keywords.

keyword1<line break (CR/LF or LF)>
keyword2<line break (CR/LF or LF)>
keyword3<line break (CR/LF or LF)>
...

When the Resource Orchestrator manager receives notification of a security risk containing any of the specified keywords, the corresponding L-Server will be quarantined.

Example

keyword_of_quarantine<line break (CR/LF or LF)>