Learn what policies are and their role in protecting your endpoints. Get an overview of the policies available when starting out. Includes information on settings groups, device groups, and policy assignments for new agents.
What is a policy?
Simply put, a policy is a group of settings that controls the behavior of the VIPRE agent on each device. All agent options are controlled through policies, including
- scheduled scan times
- amount of user interaction on the agent
- whether to remove incompatible software during agent install
... and much more.
Policies are often created with types of devices in mind, such as servers, laptops, and desktops. You might also create policies that collect more specific groups of devices in your infrastructure, like "Windows 10 desktops" or "Sales MacBooks."
Bottom line: A policy is tailored to the group of devices it protects.
Every agent must be assigned a policy. You can define any number of policies for your site to meet your specific needs.
Exploring policies
The Policies tab in VIPRE Cloud is your spot for managing policies. Under the Summary, you will see a list of all your policies along with default policy assignments, plus a quick summary of which protection features are enabled for any given policy. From here, you can drill down to see detailed policy settings as well as create or clone policies to create new, custom policies.
Policies available at first launch
VIPRE Cloud initially provides two predefined policies:
- Default Enterprise - ideal for most workstations and laptops - this is also the default policy to which all but servers will be assigned
- Default Servers - settings that consider specific server hardware/software needs
These policies are based on the most common settings needed for these types of devices. They're also a good jumping off point for creating your own custom policies.
Policy Defaults
When agents are deployed, you get to choose whether a specific policy is pre-assigned to the agents you are deploying, or whether the agent will adopt the default policy. If you allow the default policy, then the agent will report back the type of system it was deployed to (server, laptop, desktop) and the device will be automatically placed into the appropriate policy (as defined by the default policy settings on the Summary tab).
If you drill down on a specific policy, you can see all the devices associated with that policy and easily assign additional devices to that policy. When you assign a new policy to a device, the agent will pick up the new policy the next time it checks in with VIPRE Cloud.
You can also edit specific policy settings to define the behavior you want for the agent. When working with policies, you will see that related settings are grouped together for easier management.
Settings Groups
The list below shows the group names and sub-groups, along with a brief description of their purpose. Depending on which platform the policy is for (Windows or Mac) not all groups or settings will be available.
- Agent
- User Interface - show agent icon on taskbar or menu bar; allow/disallow user to perform manual scans; cancel, pause and resume scans; customize reboot message; enable automatic reboot
- Permissions - allow/disallow user to open agent UI; manage quarantine, exclusions, scan schedules, scan history, or remediate manual scans
- Operating System - disable Windows Defender, integrate with Windows Security Center, NT event logging; show agent in installed programs; wake from sleep for scheduled scans, laptop power save mode
- Data Retention - auto-delete quarantine and scan history data; specify length of time for data retention when auto-delete is enabled
- Updates & Communications - control frequency of definitions and agent software updates, enable use of beta agents when available
- Incompatible Software - specify if incompatible software is automatically removed when agent is installed; set reboot behavior when removing incompatible software
- Tamper Protection - enabled by default; prevents modifications of your computer's local product folders, registry keys, and virtual memory where the VIPRE Agent resides
- Scanning
- General - on demand (user right-click option), USB drives on insert, randomize scheduled scan times, handling of missed scans
- Threat Handling - action to take when a possible threat is found; e.g., disinfect, delete, or quarantine
- Quick Scan - set day and time, locations, and item types (e.g., cookies, rootkits, processes)
- Full Scan - set day and time, locations, and item types (e.g., cookies, rootkits, processes)
- Active Protection
- Active Protection - enable/disable active protection and set level to high-risk extensions only, execution only, or all touched files
- Interaction - control amount of user interaction allowed with Active Protection
- HIPS - enable/disable the Host Intrusion Prevention System and control how code injection is handled (e.g., allow, block, prompt)
- AMSI - enable malicious script blocking with Microsoft AMSI protection
- Exploit Protection - enable detection and blocking of program exploitation
- Web/DNS Protection
- DNS Protection - enable/disable DNS traffic filtering
- Web Protection - enable/disable Malicious URL Blocking for HTTP or HTTPS traffic, specify ports to filter
- Logging & Interaction - enable logging, or allow the user to configure
- Web Access Control
- Web Access Control - enable/disable web access control
- Access Control Level - select a level to block specific website categories
- Scheduling - have Web Access Control run 24 hours a day or set a specific schedule
- Email Protection
- General - enable/disable email and anti-phishing
- Clients - enable/disable protection for Microsoft Outlook or other email clients
- Interaction - allow user to enable/disable
- Threat Handling
- Remediation - by item type, specify whether to allow, report only, quarantine, or delete items that are detected as possible threats
- Patching
- Application Scanning - enable/disable application scans to look for security vulnerabilities
- Application Updates - enable/disable automatic application updates based on a schedule
- Firewall
- General - enable firewall
- Logging - enable/disable logging for events or port scans
- Application Rule Default - rules to apply for applications
- Advanced Rules - rules to set communication direction, application, protocol, ports
- IDS
- General - enable intrusion detection system
- Intrusion Actions - set response based on priority of detection
- IDS Rules - view or disable rules
Additional Mac agent settings and preferences
For additional information on the Mac agent and details on agent application settings, reference the VIPRE Home Mac Settings guide and Preferences guide. Please note this linked content is for VIPRE Advanced Security for Home - Mac Edition (VIPRE Home Mac). VIPRE Home Mac is nearly identical to the Mac endpoint agent, but some features may be disabled by your VIPRE Cloud administrator.