2 virus throttle, How virus throttle works, Installing virus throttle – HP Integrity rx4640 Server User Manual


2 Virus Throttle

Viruses typically spread by connecting to as many different machines as possible. Virus Throttle,
a network packet-filtering feature, monitors all outbound connection requests. Virus Throttle
helps to stop the spread of viruses on your system by detecting abnormal or virus-like behavior
in the requests. It slows down excessive connection requests to new hosts until you can determine
if they are viral in nature and take action.

How Virus Throttle works

Virus Throttle allows the network infrastructure to stay up and running by slowing traffic on
systems that exhibit high connection rates and frequent connections to new hosts.

When you install Virus Throttle on your system, the Virus Throttle network NDIS filter driver
is inserted into all existing protocol-to-miniport bindings and all network traffic passes through
it. Virus Throttle provides TCP and UDP support. The driver maintains a delay queue of
connection requests for each instance of the network protocol stack and a list of known hosts
that have established connections.

The driver examines all outbound connection requests and determines if the request is for a
known host. If known, the request is passed down the protocol stack as a normal request. If
unknown, the request is added to the delay queue. Periodically, the delay queue is examined
and the oldest request is removed and passed down the protocol stack.

High and low water marks are preset thresholds maintained for the delay queue and are used
to determine when "virus-like" behavior is occurring or has stopped.

High water mark — When the rate of connection requests exceeds the rate of their removal
from the delay queue, the high water mark in the queue is exceeded, and the driver indicates
virus-like activity.

Low water mark — When the rate of connection requests slows enough to fall below the
low water mark, the driver indicates that virus-like activity has stopped.

When virus-like activity is detected or has stopped, Virus Throttle sends a Windows Management
Instrumentation (WMI) event notification and, if HP Management agents are installed, a Simple
Network Management Protocol (SNMP) trap is also sent.
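
The known-host check, delay queue and water marks described above can be modeled in a few lines of Python to see when the two notifications would fire. This is an added illustration, not HP's driver code. Its assumptions: the class and function names, the threshold values, the traces, treating both water marks as delay-queue depths, and adding a released host to the known list.

```python
from collections import deque

class ThrottleModel:
    """Toy model of the delay-queue logic; not HP's driver code."""
    def __init__(self, high_water=5, low_water=2):
        # Threshold values are assumptions; the manual does not state the presets.
        self.high_water, self.low_water = high_water, low_water
        self.known = set()          # hosts with established connections
        self.delay_queue = deque()  # pending requests to unknown hosts
        self.alarm = False
        self.events = []            # stands in for the WMI event / SNMP trap

    def request(self, host):
        """Outbound connection request; True means passed down immediately."""
        if host in self.known:
            return True
        self.delay_queue.append(host)
        self._check_marks()
        return False

    def tick(self):
        """Periodic timer: release the oldest delayed request, if any."""
        if not self.delay_queue:
            return None
        host = self.delay_queue.popleft()
        self.known.add(host)  # assumption: a released host becomes known
        self._check_marks()
        return host

    def _check_marks(self):
        # Two thresholds give hysteresis: raise above high, clear below low.
        depth = len(self.delay_queue)
        if not self.alarm and depth > self.high_water:
            self.alarm = True
            self.events.append(("virus-like activity detected", depth))
        elif self.alarm and depth < self.low_water:
            self.alarm = False
            self.events.append(("virus-like activity stopped", depth))

def simulate(trace, **thresholds):
    """trace: one list of requested hosts per timer period (constructed data)."""
    model = ThrottleModel(**thresholds)
    for hosts in trace:
        for host in hosts:
            model.request(host)
        model.tick()
    return model

# Constructed traces: a host talking to a few peers, then a burst to 12 new hosts.
NORMAL_TRACE = [["mail"], ["web"], ["mail"], ["web", "dns"], ["mail"]]
SCAN_TRACE = [[f"host-{3 * t + i}" for i in range(3)] for t in range(4)] + [[]] * 10
```

In the normal trace each new host waits at most one timer period and no event is raised. In the burst trace, requests arrive three times faster than they are released, so the queue passes the high water mark in the third period and drains below the low water mark only after the burst ends.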

Installing Virus Throttle

To install Virus Throttle:

1. Insert the SmartSetup CD that came with your server.

2. At the License Agreement screen, click Agree.

3. At the HP SmartSetup screen, go to the Software tab.

4. Select your server model number on the left side of the screen.

5. In your server Software screen, under the section, “Drivers”, select HP Virus Throttle for
Windows Server 2003 on Itanium-based systems.

6. In the Virus Throttle screen, read the Release Notes and installation instructions for this
utility. Then click the Download button, save the installer file to the desired location, and
run it.

7. Click Install at the HP Package Setup screen to begin the installation.

8. When the installation finishes, a Virus Throttle tray icon appears on the task bar on the
Windows desktop. Use this icon to open the Virus Throttle Status and Configuration Utility.
