Makes sense, thanks again for your input. From: [email protected] [mailto:[email protected]] On Behalf Of Lutz, Ken Sent: Thursday, August 07, 2014 4:57 PM To: '[email protected]' Subject: [mssms] RE: recommended settings SCEP 2012 default actions
It seems to me that we did this in case there were ever any files that were falsely flagged. Not necessarily a false positive type flag, but maybe something like a VNC remote control file being flagged. This way it would be in quarantined. We felt that medium was an acceptable level to have this 'risk' on. I hope that makes sense. Thanks, Ken ... From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Timothy Ransom Sent: Thursday, August 07, 2014 1:14 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: recommended settings SCEP 2012 default actions Thanks Ken. It seemed like recommended was a better option but wasn't sure since new policy defaults to quarantined for severe, high, medium, and allow for low. Is there a specific reason you did not also select recommended default action for medium threats? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Lutz, Ken Sent: Wednesday, August 06, 2014 6:58 PM To: '[email protected]' Subject: [mssms] RE: recommended settings SCEP 2012 default actions Workstations: [cid:[email protected]] Servers: [cid:[email protected]] Thanks, Ken ... From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Timothy Ransom Sent: Wednesday, August 06, 2014 3:25 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] FW: recommended settings SCEP 2012 default actions Any SCEP users that can relate their settings in use for default actions on servers and workstations? Thanks. From: Timothy Ransom Sent: Monday, August 04, 2014 4:12 PM To: [email protected]<mailto:[email protected]> Subject: recommended settings SCEP 2012 default actions Hi, I have rolled out SCEP 2012 successfully and looking for some feedback on recommended settings SCEP default actions. The default settings of Quarantine seems logical for servers, but leaves a lot of manual removal of quarantined items. Does anyone use Recommended or Remove for default actions on workstations? Thanks, Tim ********************************************************************************************** GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential information protected by state or federal law. The information is intended only for use consistent with the state business discussed in this transmission. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action based on the contents is strictly prohibited. If you have received this transmission in error, please delete this email and notify the sender immediately. Your cooperation is appreciated. ********************************************************************************************** ********************************************************************************************** GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential information protected by state or federal law. The information is intended only for use consistent with the state business discussed in this transmission. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action based on the contents is strictly prohibited. If you have received this transmission in error, please delete this email and notify the sender immediately. Your cooperation is appreciated. ********************************************************************************************** ********************************************************************************************** GDOL CONFIDENTIALITY NOTICE: This transmission may contain confidential information protected by state or federal law. The information is intended only for use consistent with the state business discussed in this transmission. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action based on the contents is strictly prohibited. If you have received this transmission in error, please delete this email and notify the sender immediately. Your cooperation is appreciated. **********************************************************************************************
