New to ERA, would like help with dynamic groups

[Rob Andrews 0]

Hi all,

 

New to using ERA, im currently looking to create a dynamic group called 'Infected Computers', where any customer computer that detects a threat is moved to. Once in the Infected Computers group, i'd like to set a rule of some sort that automatically runs a scan on the infected device which cleans it, then a rule which runs another scan, and if the computer is then clean, removes it from the Infected Computers group. Can anyone help me with how I can set this up if its possible?

Many thanks,

Rob

[MichalJ 434]

For this purpose, you can use the dynamic group template "computers with active threats". Every time, an un-handled threat is reported (meaning threat, that was not possible to be cleaned / or was not removed by the product directly), computer is added to this dynamic group. 

You can then assign a task "on-demand scan" with "in-depth scan" (profile), set to "strict cleaning" (you can adjust the cleaning settings by policy for Endpoint). That will basically remove any "uncleaned" threats from the machine, by the means of deleting. The task should be set to "joined dynamic group trigger". 

Please note, that "active threats" are not the same as "unresolved threats". Number of unresolved threats includes also the ones, that have been handled, but have not been acknowledged by the administrator (yet) - by marking them as "resolved". This will change in the future, release, where handled threats will be resolved automatically. If you need a further help, please let us know. 

Edited January 18, 2018 by MichalJ

[Rob Andrews 0]

Hi Michal,

 

I've had a look in our Dynamic Group Templates list, but no "Computers with active threats" template exists. Do I need to download this template from somewhere? Or manually create it?

 

Thanks,

Rob

[MichalJ 434]

Hello, those are the symbols you should choose: 

 

[Rob Andrews 0]

Hi,

 

Great, thanks so much for your help!

 

Rob