
Specifying Threat Actions for a VMware vCenter Protect Agent Policy

If an agent detects a threat on a target machine, there are a number of different actions you can configure it to take. You use the Threat Actions tab to specify what an agent should do if it encounters a particular category of threat.

Note: The threat actions defined here will be performed whenever a threat defined on either the Threat Tasks tab or the Active Protection tab is detected by an agent.  

[Screenshot: Threat Actions tab]

This tab enables you to define exactly what action you want an agent to perform if it detects a threat on a target machine. By default an agent will quarantine all threats that are categorized as dialers, malware, viruses, or worms, and it will report on all other threats. You can, however, customize what actions to take for each threat category. You simply:

  1. Select a threat category or sub-category in the threat list.

  2. Select the action you want to take if an agent detects the threat on a target machine.


1. Select a threat to apply an action

This box lists the different categories of threats that can be detected by VMware vCenter Protect Agent. You can expand each category to display sub-categories of threats. A description for each threat category is provided in the Threat Description box.

2. Select an action for the threat

For the threat currently selected in the threat category list, specify what action you want the agent to perform:

  • Allow: Allows the selected threat to remain on the target machine. No notification is provided to the user or to the console. Because nothing is reported, you also lose all visibility into how often that threat is encountered; reserve this setting for categories you have positively verified as benign.

  • Report Only: Allows the selected threat to remain on the target machine, but a report will be generated and sent to the console.

  • Quarantine: The agent will place the infected file into quarantine. It will stay in quarantine for 30 days (the number of days is configurable), after which the file will be deleted. Placing an infected file into quarantine gives you time to evaluate the file before it is permanently deleted from the target machine. If you decide to roll back a file, delete a file, or export information about a quarantined file, you can do so remotely from the console or by using the agent client program.

  • Delete: Immediately deletes the infected file from the target machine. Unlike Quarantine, no copy is retained, so a file deleted this way cannot be rolled back if the detection turns out to be a false positive.

Recommended Best Practice: You might consider initially quarantining everything. This provides the most protection while still allowing you to roll back files you deem safe. After monitoring the results for a week or two you should get a good feel for what settings make sense for your organization. If you see that something is routinely getting quarantined that you determine is actually safe (for example, cookies for frequently-visited websites), feel free to use a less restrictive setting for that category.

Default Action for All Threats

To apply a new default setting to all existing categories, click this button and then select the new action. A confirmation dialog will be displayed asking if you want to apply the new setting to all categories.

3. Quarantine

You can configure the following quarantine settings on each agent.

  • Delete items older than dd days: Specify how long (in days, entered in place of dd) infected files will reside in the quarantine directory before being deleted. The default is 30 days.

  • Maximum size (MB): Specify the maximum amount of disk space reserved for the quarantine directory on each agent machine. If the size limit is reached, the oldest files in the quarantine directory will be removed when new files need to be added.
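The following is an added example, not code from VMware vCenter Protect or its agent, that models the behaviour described in sections 2 and 3 above: the per-category action table with the page's defaults (quarantine for dialers, malware, viruses and worms; report on everything else), the "Default Action for All Threats" button, and a quarantine directory with the two limits from section 3 (age-based deletion and a size cap that evicts the oldest files first). The category list, file names and sizes are constructed sample data; the assumption that a sub-category setting overrides its parent category, and that the all-categories default also clears sub-category overrides, is not stated on the page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# The four actions offered on the Threat Actions tab.
ALLOW, REPORT_ONLY, QUARANTINE, DELETE = "Allow", "Report Only", "Quarantine", "Delete"

# Page defaults: dialers, malware, viruses and worms are quarantined, everything else reported.
DEFAULT_QUARANTINE = {"Dialer", "Malware", "Virus", "Worm"}


class ThreatActionPolicy:
    """Category -> action mapping as configured on the Threat Actions tab."""

    def __init__(self, categories):
        self.category_actions = {
            c: QUARANTINE if c in DEFAULT_QUARANTINE else REPORT_ONLY for c in categories
        }
        # Assumption (not stated on the page): a sub-category setting overrides its parent.
        self.subcategory_actions = {}

    def set_action(self, category, action, subcategory=None):
        if category not in self.category_actions:
            raise KeyError(f"unknown threat category: {category}")
        if subcategory is None:
            self.category_actions[category] = action
        else:
            self.subcategory_actions[(category, subcategory)] = action

    def set_default_for_all(self, action):
        """'Default Action for All Threats': one action for every existing category.
        Assumption: this also clears sub-category overrides."""
        for c in self.category_actions:
            self.category_actions[c] = action
        self.subcategory_actions.clear()

    def action_for(self, category, subcategory=None):
        key = (category, subcategory)
        if subcategory is not None and key in self.subcategory_actions:
            return self.subcategory_actions[key]
        return self.category_actions[category]


@dataclass
class QuarantinedFile:
    path: str
    size_mb: float
    quarantined_at: datetime


class Quarantine:
    """Per-agent quarantine directory: delete items older than N days, and cap the
    total size, removing the oldest entries when a new file needs room."""

    def __init__(self, retention_days=30, max_size_mb=100):
        self.retention = timedelta(days=retention_days)
        self.max_size_mb = max_size_mb
        self.items = []      # kept sorted oldest first
        self.deleted = []    # paths permanently removed (audit trail)

    def total_size_mb(self):
        return sum(i.size_mb for i in self.items)

    def purge_expired(self, now):
        keep = []
        for item in self.items:
            if now - item.quarantined_at > self.retention:
                self.deleted.append(item.path)
            else:
                keep.append(item)
        self.items = keep

    def add(self, item, now):
        self.purge_expired(now)
        if item.size_mb > self.max_size_mb:
            raise ValueError("file larger than the whole quarantine allowance")
        # Size limit reached: evict the oldest files until the new one fits.
        while self.items and self.total_size_mb() + item.size_mb > self.max_size_mb:
            self.deleted.append(self.items.pop(0).path)
        self.items.append(item)
        self.items.sort(key=lambda i: i.quarantined_at)

    def rollback(self, path):
        """Restore a quarantined file to the target machine (console rollback)."""
        for idx, item in enumerate(self.items):
            if item.path == path:
                return self.items.pop(idx)
        raise KeyError(path)


def handle_detection(policy, quarantine, category, subcategory, path, size_mb, now):
    """Apply the configured action to one detection and return the action taken.
    Allow and Report Only leave the file in place; Delete keeps no copy to roll back."""
    action = policy.action_for(category, subcategory)
    if action == QUARANTINE:
        quarantine.add(QuarantinedFile(path, size_mb, now), now)
    return action


def at_day(n):
    """Constructed timestamp helper: day n of the sample timeline."""
    return datetime(2012, 1, 1) + timedelta(days=n)
```

Running the quarantine with a 10 MB cap and three 4 MB files added on consecutive days shows the eviction order: the third add pushes the oldest file out, and a purge well past the retention window empties the directory. The rollback method is what makes Quarantine safer than Delete: a file removed by eviction or expiry is gone, so size the cap so that it does not churn faster than you can review detections.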

Threat Description


Provides a detailed description of the threat currently selected in the threat category list.

Save and Update Agents

Saves all changes to the policy file and stores it on the console. Also updates any agent machines that are currently assigned this policy as follows:

  • If an agent machine is online and configured to listen for policy updates, the updated policy will be pushed out to that machine immediately.

  • If an agent machine is online but is not configured to listen for policy updates, the updated policy will be pushed out the next time the agent checks in with the console.

  • If an agent machine is not currently online, the updated policy will be pushed out the next time the agent checks in with the console.

The Agent Policy Editor will be closed.

Cancel

Indicates you want to exit the Agent Policy Editor without saving your most recent changes. A "Do you want to save your changes?" prompt will appear that gives you a second chance to save your changes. If you click Yes, the policy will be saved and the associated agents updated (the same as Save and Update Agents). If you click No, the Agent Policy Editor will be closed without saving your changes.