Windows Detection Policy
更新时间:2023-08-16 18:39:23
1. Usage Scenario
Windows Detection Items refers to the items or objects that can be detected by a Windows operating system, like installed programs, drivers, or updates. ESA has integrated with Windows detection items to ensure that the user’s login from a Windows operating system will be checked and confirmed to be secure enough to access the applications.
This feature only available on users with Premium bundle
2. Operation Steps
1) Go to Endpoint Security–>Compliance Check–>Config Policy, add New
2)Fill in the necessary information and click Next
| Policy Name | Explanation |
|---|---|
| Policy Name |
Define the name of the policy |
| Status | Configures to enable/disable the policy when it is created |
| Prompt Method | It configures when to prompt notice when risky events are detected. Available value: 1) Prompt risky notice at login: the client will pop out to notify that there are risky events been detected when user login to ESA client 2) Prompt risky notice at every check: the client will pop out to notify that there are risky events been detected every time the ESA client conducts device check. It works together with Detect Interval. 3) Don't prompt: do not pop out notice even when risky events been detected |
| Detect Interval | Configures the time interval for ESA client to conduct device compliance check. For example, if set to 30mins, the ESA client will perform compliance check every 30 minutes. No matter what Interval has been configured, the client will conduct compliance check at login. |
| Description | Enter description to better understand the connector |
| Apply to User | Defines which users will be assigned to the policy. To avoid policy confliction, one user can only be assigned to one compliance check policy |
3)Enable the items you want to perform the compliance check and configure the deduct scores for each enabled items, then click Next.
See detail information of each items below:
| Field Name | Explanation | Configuration Examples |
|---|---|---|
| Domain User Detection | Check whether the endpoint is in the domain. Fill in your Windows domain name and the deduct score |
Domain name=ALEX-TEST, deduct score =10 means: if user is not login from a device with Windows domain name=ALEX-TEST, user's trust score will be deducted 10 points |
| F-Scrack | Check whether the computer account has a weak password | Deduct score =10 means: if user is login from a Windows device with weak login password, user's trust score will be deducted 10 points |
| Credit Device Detection | Check whether the device is on ESA authorized device list | Deduct score =10 means: if user is login from a device that is not on ESA authorized device, user's trust score will be deducted 10 points |
| Antivirus Software Detection | Check whether the specified antivirus software is running on the device. When multiple antivirus software is selected, users running any of the select software can pass the check | Antivirus software select IP-Guard and Windows Defender, deduct score=10 means: if user is login from a device that has not running IP-Guard or Windows Defender, user's trust score will be deducted 10 points |
| Windows Firewall Detection | Check if Windows Firewall is turned on | Deduct score =10 means: if user is login from a device without Windows Firewall turning on, user's trust score will be deducted 10 points |
| GUEST Account Detection | Detect if GUEST account is disabled | Deduct score =10 means: if user is login from a device that the GUEST account is not disabled, user's trust score will be deducted 10 points |
| Computer Name Detection | Check whether the computer name meets the specific requirements | Name format=ALEX-TEST *, deduct score =10 means: if user is not login from a device with computer name starts with ALEX-TEST, user's trust score will be deducted 10 points |
| OS Version Detection |
Check whether the computer operating system version meets the requirements | OS version>20H2, deduct score =10 means: if user is login from a device which OS is lower than 20H2, user's trust score will be deducted 10 points |
| Client Version Detection | Check whether the ESA client version is greater than the specified version | Client version>=2.96.1, deduct score =10 means: if user is login from an ESA client with version lower than 2.96.1, user's trust score will be deducted 10 points |
| System Shared Resource | Check if there are shared directories configured on device | Deduct score =10 means: if user is login from a device that has shared directories configured, user's trust score will be deducted 10 points |
| Remote Desktop Detection | Check if remote desktop is enabled on the device | Deduct score =10 means: if user is login from a device that has remote desktop enabled, user's trust score will be deducted 10 points |
4)Move the buoy on score bar to define the risk level
Take following configuration as an example, when a user’s trust score is:
- <=60, the user will be marked with Critical Risk
- 60-70, the user will be marked with High Risk
- 70-80, the user will be marked with Medium Risk
- 80-90, the user is with low risk
- 90-100, the user is safe
5) Click Submit to finish the policy configuration
6)Back to policy list, you will see the new policy. Click Management if you need to adjust the configuration.
本篇文档内容对您是否有帮助?
有帮助
我要反馈