Rob Andrews 0 Posted January 18, 2018 Share Posted January 18, 2018 Hi all, New to using ERA, im currently looking to create a dynamic group called 'Infected Computers', where any customer computer that detects a threat is moved to. Once in the Infected Computers group, i'd like to set a rule of some sort that automatically runs a scan on the infected device which cleans it, then a rule which runs another scan, and if the computer is then clean, removes it from the Infected Computers group. Can anyone help me with how I can set this up if its possible? Many thanks, Rob Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted January 18, 2018 ESET Staff Share Posted January 18, 2018 (edited) For this purpose, you can use the dynamic group template "computers with active threats". Every time, an un-handled threat is reported (meaning threat, that was not possible to be cleaned / or was not removed by the product directly), computer is added to this dynamic group. You can then assign a task "on-demand scan" with "in-depth scan" (profile), set to "strict cleaning" (you can adjust the cleaning settings by policy for Endpoint). That will basically remove any "uncleaned" threats from the machine, by the means of deleting. The task should be set to "joined dynamic group trigger". Please note, that "active threats" are not the same as "unresolved threats". Number of unresolved threats includes also the ones, that have been handled, but have not been acknowledged by the administrator (yet) - by marking them as "resolved". This will change in the future, release, where handled threats will be resolved automatically. If you need a further help, please let us know. Edited January 18, 2018 by MichalJ Link to comment Share on other sites More sharing options...
Rob Andrews 0 Posted January 18, 2018 Author Share Posted January 18, 2018 Hi Michal, I've had a look in our Dynamic Group Templates list, but no "Computers with active threats" template exists. Do I need to download this template from somewhere? Or manually create it? Thanks, Rob Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted January 18, 2018 ESET Staff Share Posted January 18, 2018 Hello, those are the symbols you should choose: Link to comment Share on other sites More sharing options...
Rob Andrews 0 Posted January 18, 2018 Author Share Posted January 18, 2018 Hi, Great, thanks so much for your help! Rob Link to comment Share on other sites More sharing options...
Recommended Posts