A.1 Definition File of the Quarantine Policy for Security Risks

• OfficeScan 11.0 server

• OfficeScan XG server

Character Code

[Windows Manager]

UTF-8

Line Break Code

[Windows Manager]

CR/LF

avmgr.action = {quarantine|reboot|none|quarantine_reboot} 
avmgr.action.<lserver_path> = {quarantine|reboot|none|quarantine_reboot }

[Trend Micro OfficeScan]

avmgr.corp.action_filter_base={ALL_ENABLE|ALL_DISABLE}

avmgr.action

Specify the action to be taken against the L-Server when a security risk is detected. Specify the following actions. The default operation is "quarantine".

• quarantine : Quarantines the L-Server.
• reboot : Reboots the L-Server. When using a PVS (Provisioning Services) environment, use of this setting is recommended.
• quarantine_reboot : Quarantines the L-Server and then reboots it. When using a client OS that has a simultaneous connection count of 1, use of this setting is recommended.
• none : No action is performed. An email that enables selection of the action to take is sent to the email address of the tenant administrator set in "4.10 mailnotice". The tenant administrator selects how the security risk will be handled according to the content of the email.

Example

avmgr.action = reboot

avmgr.action.<lserver_path>

Specify the action to be taken against the L-Server when a security risk is detected. For L-Servers which do not have this specified, the action specified in avmgr.action will be executed.

When rebooting L-Server "folder01/lsv01, folder01/lsv02"

Example

avmgr.action./folder01/lsv01 = reboot

avmgr.action./folder01/lsv02 = reboot

Note

When setting action to "none", assign the virtual PC to a tenant so you can receive the email notification that enables selection of the action to perform after malware is detected, and use the email notification function.

When not using the email notification function, there is a possibility that response to malware infections may be delayed.

Specify a full path for lserver_path. For this reason, specify "/" at the start of the path even when specifying an L-Server in the root folder.

[Trend Micro OfficeScan]

avmgr.corp.action_filter_base

Specifies the quarantine policy for security risks for all notifications sent from the following servers to the Resource Orchestrator manager.

• OfficeScan 11.0 server
• OfficeScan XG server

Specify one of the following options:

• "ALL_ENABLE": When executing an action on an L-Server.

  By using this in combination with "A.2 Definition files of keywords for exclusion from the targets of quarantining", it is possible to specify exclusion of security risks from executed actions.

• "ALL_DISABLE": When not executing an action on an L-Server.

  By using this in combination with "A.3 Definition files of keywords for the targets of quarantining", it is possible to specify inclusion of security risks for executed actions.

"ALL_ENABLE" is specified in the following cases:

• When the specification of "avmgr.corp.action_filter_base" is omitted
• When an invalid value is specified

  When "avmgr.corp.action_filter_base" is set more than once, the last specification will be valid.

Example

avmgr.corp.action_filter_base=ALL_DISABLE