Create a SEM rule to track when viruses are not cleaned

Create and enable the Virus Attack - Bad State rule to track virus attacks reported by your anti-virus software. The Bad Virus State User-Defined Group defines a bad state as any virus that is not fully cleaned by your anti-virus software. This includes any virus that is not addressed, quarantined, or renamed.

The default action for this rule is to generate a HostIncident event, which you can use together with the Incidents report to show auditors that you are auditing the critical events on your network.

  1. In the SEM Events Console, click the Rules tab.
  2. On the Rules toolbar, click Create rule from template.
  3. In the search box, enter Virus Attack - Bad State.
  4. Select the Virus Attack - Bad State rule template, and then click Next.
  5. Review and edit the existing conditions and values where needed, and then click Next.
  6. Review and adjust the rule details where needed, and then click Create.

     See "Create a new rule" for additional guidance.