Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide

6.10.1 Setting an action for a security level in the Edit Action Policy window

Actions are set in the Edit Action Policy window.

The following figure shows the Edit Action Policy window.

Figure 6-25 Edit Action Policy window

There is an Edit Action Policy window for each security level, but the items for the customized items view are shared across all windows.

The action items set in the Edit Action Policy window are as follows:
Notify to administrator

Select this check box to notify administrators of the security level judgment results.
 
Note

To enable administrator notification by email, you must configure the SMTP virtual server in Microsoft Internet Information Services and specify that incoming messages should be relayed to the remote domain. When setting up the SMTP virtual server, you must set a limit for the message size. To estimate the maximum message size, use the following expression (in megabytes):

(4,096 + 202 x number of assets) / (1,024 x 1,024)

For details about setup in Microsoft Internet Information Services, see the manual Job Management Partner 1/Asset Information Manager Planning and Setup Guide.
Notify the administrator by email

Select this check box to notify administrators by email of the security level judgment results. Click the Settings for Email Address button, and set the administrator email address in the displayed Settings for Email Address dialog box.

Figure 6-26 Settings for Email Address dialog box
 
Email address to add
To add a notification email address, enter the email address to be added, and then click the Add button. The email address is added to the list displayed for Email address to be notified.

Email address to be notified
Displays no more than 100 email addresses already set.
 
If there are any unnecessary email addresses, select them and click the Delete button.

The selected addresses are deleted from the Email address to be notified list.
 
When Email address to be notified contains a large amount of information, you can create a mail address definition file in CSV format, and import the file.

In the Import (Email Address Information) dialog box displayed by clicking the Import button, specify the location of the mail address definition file you want to import.

Figure 6-27 Import (Email Address Information) dialog box

In the File name text box, specify the name of the mail address definition file you want to import, and then click the Open button. The specified file is read, and the Settings for Email Address dialog box appears again.

The client security control system provides a sample of a mail address definition file. The administrator can customize the sample file to create a definition file and then import it. For details about a sample of this definition file, see A.4(8) Sample of a mail address definition file. For details about the mail address definition file, see 16.3 Mail address definition file.

If the specified file does not contain the information indicated in the Email address to be notified list (the file is empty), an error message appears and the import is canceled.
  
The information in Email address to be notified can be exported to a CSV file. This file can then be used as a mail address definition file.

In the Export (Email Address Information) dialog box displayed by clicking the Export button, specify the location where you want to save the exported file.

Note that the Export button is disabled when no definitions have been registered in Email address to be notified.

Figure 6-28 Export (Email Address Information) dialog box

In the File name text box, specify the name of the CSV file to be exported, and then click the Save button. The specified file is saved, and the Settings for Email Address dialog box appears again.

The default file name is MailAddress.csv. For details about the mail address definition file, see 16.3 Mail address definition file.
Note that the contents of email notifications can be edited by choosing Customize and then Mail notification in the action items tree view.

Notify IM

Select this check box to Notify IM of security level judgment results. For details about linkage to JP1/IM, see 11.1 Linking to JP1/IM.

Note

To notify JP1/IM of security level judgment results, during JP1/CSC - Manager setup, set IM linkage to Notify. For details about JP1/CSC - Manager setup, see 5.4.3 Setting up JP1/CSC - Manager.
Send message to user

Select this check box to notify users of security level judgment results. Note that the contents of notification messages can be edited by choosing Customize and then Message notification in the action items tree view.

Control network connection

Select this check box to permit or deny client network connection.

Choose this action when using a quarantine system.

Permit connection

Select this radio button to permit client network connection.

Refuse connection

Select this radio button to deny client network connection.
Execute the specified command

Select this check box to implement a user-defined action (user-specific command set by the administrator). The check box is cleared by default.

Commands are executed automatically as set in the user-defined action. For details about command execution, see Command used in a user-defined action in 15. Commands.

Action name

Type the action name in no more than 255 bytes.

Command

Click the Browse button to display the Select File (Execution Command) window and select a command file. You can select any command file (*.exe or *.bat) stored on the management server.

The specified command is executed as described in Command used in a user-defined action in 15. Commands. For command details, see Command used in a user-defined action in 15. Commands.

Enter any parameters you want to specify after the command name. Type the command path as a character string of no more than 1,000 bytes. If you include any spaces, enclose the entire path with double quotation marks (").

Pass the asset information to the command

Select this check box to pass asset information judged Danger, Warning, or Caution to the command. The check box is selected by default.

For the file format of asset information passed to a command, see 16.8 Asset information file.

Pass the judgment result to the command

Select this check box to pass information about unapplied Windows security updates (patches and service packs), and whether the required anti-virus products are installed, to the command. The check box is selected by default.

After selecting this check box, you must select either of the following types of judgment results. The default is Summary.

Summary
Select the Summary radio button to pass the judgment items and security level judgment results to the command.

Details
Select the Details radio button to pass the summary results, and the judgment result for each item set in the judgment policy, to the command.

For the file format of judgment results passed to a command, see 16.9 Judgment result file for security level.
Command line at execution

This is the command line when the specified command is executed.

For details about this command line, see Command used in a user-defined action in 15. Commands.
 
Note

If both Send message to user and Refuse connection are selected, messages may not reach the user because client network connections will be denied.
Settings for Execution Conditions button

Use this button to set a condition for implementing an action. When you click this button, the Settings for Action Execution Conditions dialog box appears.
 
Note

When an action execution condition is set, the action is not implemented until the condition is satisfied.
 
The following figure shows the Settings for Action Execution Conditions dialog box.

Figure 6-29 Settings for Action Execution Conditions dialog box

For each type of action (Notification to administrator, Notification to PC user, Control PC network connection, and Action for the user definition), you can select the following three execution conditions:

Specify number of consecutive days

Select this check box to specify a consecutive number of days. The check box is cleared by default. After you select this check box, you can enter the number of days. Either type a number between 1 and 1000, or select a number using the and buttons.

You can set this option for the Danger, Warning, and Caution security levels.

Specify number of consecutive times

Select this check box to specify a consecutive number of times. The check box is cleared by default. After you select this check box, you can enter the number of times. Either type a number between 1 and 1000, or select a number using the and buttons.

You can set this option for the Danger, Warning, and Caution security levels.

Execute the action when the security level changes

Select this check box to implement an action when the security level changes. The check box is cleared by default.

You can set this option for the Safe security level.

The number of consecutive days and times can be counted in either of the following ways:

Increase the count when the security level is the same
The count is increased when the security level is the same as the previous judgment. When the security level differs from the previous result, the consecutive days and times are cleared.

Increase the count when the security level is the same as or higher
The count is increased when the security level is the same as or higher than the previous judgment. When the security level is lower than the previous result, or is not Danger, Warning, or Caution, the consecutive days and times are cleared.

Set the count method for the number of consecutive days and times in the Basic Settings page of the Client Security Control - Manager Setup dialog box. Set either of the above methods in Method for counting the number of consecutive days and times under Security level judgment information.
 
Note

If you choose to increase the count when the security level is the same as or higher than last time, you must set the same number of consecutive days and times as the action execution condition for each security level.
The following table lists the default for each setting item in the Edit Action Policy window, by security level.

Table 6-36 Default security levels for the Edit Action Policy window

No. Edit Action Policy window item name Default security level

Danger Warning Caution Safe

1 Notify to administrator Do not notify Do not notify Do not notify Do not notify

2 Notify the administrator by email Notify Notify Notify Do not notify

3 Notify IM Notify Notify Notify Do not notify

4 Send message to user Do not notify Do not notify Do not notify Do not notify

5 Control network connection Do not control Do not control Do not control Do not control

6 Permit connection or Refuse connection Refuse connection Refuse connection Refuse connection Permit connection

7 Execute the specified command Do not execute Do not execute Do not execute Do not execute

To save the settings in the Edit Action Policy window:

Set the action item.

Click the Save button.
The set contents are saved as an action policy.

Reference note

An error message or warning message may appear when you click the Save button. Read the message, and review your settings if necessary. Click the OK button to save the settings, or the Cancel button to discard them.

No.	Edit Action Policy window item name	Default security level
Danger	Warning	Caution	Safe
1	Notify to administrator	Do not notify	Do not notify	Do not notify	Do not notify
2	Notify the administrator by email	Notify	Notify	Notify	Do not notify
3	Notify IM	Notify	Notify	Notify	Do not notify
4	Send message to user	Do not notify	Do not notify	Do not notify	Do not notify
5	Control network connection	Do not control	Do not control	Do not control	Do not control
6	Permit connection or Refuse connection	Refuse connection	Refuse connection	Refuse connection	Permit connection
7	Execute the specified command	Do not execute	Do not execute	Do not execute	Do not execute

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated