Configure a Policy - Overview

Written By Cindy Johnson (Super Administrator)

Updated at May 30th, 2020

Agent Screens

The Agent screens control the following:

  • User Interaction refers to how the end-user can interact and control specific functionality in the Agent.
  • Configure User Prompts that end-users experience and how Rebooting occurs.
  • Actions apply to the settings for the agent machine's OS and Data Retention for its Quarantine and Scan History.
    • Enable NT event logging should NOT be enabled unless you are using a third-party program that will pull events from the log. It consumes resources (such as memory, CPU, and disk) on the agent to do the logging. This feature is primarily for SDK customers and resellers.
  • Updates are distributed to machines based on the Agent Updates settings for each Policy. Agent update settings help you manage the impact to network traffic and machine performance when Policies distribute updates to Agents.
  • Throttle updates from the local server in milliseconds to adjust throttling for lower bandwidth connections. A general guide:

    1 MBPS network: 1000 milliseconds
    10 MBPS network: 200 milliseconds
    100 MBPS network: 50 milliseconds
    1 GBPS network: 20 milliseconds

  • Check for definitions updates periodicity in hours: Best set between 1 and 3 hours. The default start time for updates is when the computer first boots up. For example, if the computer boots up at 7:43 a.m. and checks for updates every 3 hours, it will check at 10:43 a.m., 1:43 p.m., 4:43 p.m., and so forth.
  • Download via the Internet if local updates are unavailable should only be enabled for laptops or mobile agents that will not be able to contact the update server. Using this internally will cause extra strain on the WAN.
  • Communication:
    • Intervals: change agent heartbeat times to reduce load on the VIPRE Site Service and your network pipeline. Change Agent status heartbeat in minutes using the following formula: # agents (the total number of all agents assigned to all policies under a site) / 120 = Agent heartbeat time. Use a minimum of 5 minutes. Increase the minute value to 10 minutes if you are using more than 2500 agents for one site. For laptops or mobile agents, ensure that the Heartbeat after failure in days is at the default of 365.
    • If Agents require a Proxy to reach the Internet for obtaining definitions updates, set the proxy settings at the policy level, which will apply to all agent machines assigned to the policy.
    • The Power settings are used in separate policies to handle laptops in power saver mode. The default settings for laptops running an Agent require that the laptop be powered by AC power (not battery) in order for the Agent to properly receive updates. This feature is incorporated to ensure the agent software can complete the update cycle which could be interrupted due to an unexpected loss of power from a depleted laptop battery.
    • Use the Laptop Power Save Mode on a separate policy just for laptops. When initially installing an Agent to a laptop, unselect this option. Select this mode once the Agent is set up and configured properly on the laptop.
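
One way to check a policy's values against the Agent-screen guidance above, as an added example that is not VIPRE code. The dictionary layout and field names are hypothetical, the sample policies are constructed, and rounding the heartbeat formula up to a whole minute is an assumption.

```python
import math

# Throttle guide from the page: link speed (Mbps) -> throttle in milliseconds.
THROTTLE_GUIDE_MS = {1: 1000, 10: 200, 100: 50, 1000: 20}

def recommended_heartbeat(site_agents):
    """Page formula: agents / 120, minimum 5 minutes, 10 above 2500 agents."""
    minutes = max(5, math.ceil(site_agents / 120))  # rounding up is an assumption
    return max(minutes, 10) if site_agents > 2500 else minutes

def audit_policy(policy, site_agents):
    """Return findings for one policy; the dict layout is hypothetical."""
    findings = []
    if policy["nt_event_logging"] and not policy["log_consumer"]:
        findings.append("NT event logging enabled with no third-party log reader")
    if not 1 <= policy["definition_check_hours"] <= 3:
        findings.append("definition check period outside 1-3 hours")
    if policy["internet_fallback"] and not policy["mobile"]:
        findings.append("Internet download fallback enabled on a non-mobile policy")
    want = recommended_heartbeat(site_agents)
    if policy["heartbeat_minutes"] < want:
        findings.append(f"heartbeat {policy['heartbeat_minutes']} min below {want} min")
    if policy["mobile"] and policy["heartbeat_after_failure_days"] != 365:
        findings.append("mobile policy: heartbeat after failure is not 365 days")
    guide = THROTTLE_GUIDE_MS.get(policy["link_mbps"])
    if guide is not None and policy["throttle_ms"] < guide:
        findings.append(f"throttle {policy['throttle_ms']} ms below {guide} ms guide")
    return findings

# Constructed sample policies (not a VIPRE export format).
SERVERS = {"nt_event_logging": True, "log_consumer": False,
           "definition_check_hours": 6, "internet_fallback": True,
           "mobile": False, "heartbeat_minutes": 5,
           "heartbeat_after_failure_days": 365,
           "link_mbps": 100, "throttle_ms": 20}
LAPTOPS = {"nt_event_logging": False, "log_consumer": False,
           "definition_check_hours": 2, "internet_fallback": True,
           "mobile": True, "heartbeat_minutes": 15,
           "heartbeat_after_failure_days": 30,
           "link_mbps": 10, "throttle_ms": 200}

if __name__ == "__main__":
    for name, pol in (("Servers", SERVERS), ("Laptops", LAPTOPS)):
        for finding in audit_policy(pol, site_agents=1800):
            print(f"{name}: {finding}")
```

The `site_agents` argument is the total number of agents across all policies under the site, as the heartbeat formula requires.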

Scanning Screens

The Scanning screens allow you to set the following:

  • Settings: configure basic Agent scan settings including detections, on-demand scanning, scanning USB devices, and scanning on startup.
  • Scan Start-Up—Randomize scheduled scan start times by in minutes: this setting is best used in conjunction with setting your agents to check for threat definition updates before a scan starts (Agent>Updates>Pre-scan). Using this setting spreads out the load of definition updates when agents require a threat definition update, and the value should take the throttling interval (Agent>All Updates>Throttle updates...) into account. The larger you make this value, the less the impact on your network.

    For policies with several hundred agents or more that check for threat definition updates before starting a scan, the randomized start time should be anywhere from one-half to twice the time it will take for the agent to download a threat definition update. This setting depends on how sensitive your network is to bursts of data.
  • Full, Quick & Custom Scan screens: allow you to schedule automatic scans, set scan priority, select drive(s) for scanning, and to set options.
  • Agent scan intervals: Best practices for scheduling scans are:
    • Schedule quick scans to run at least once daily.
    • Schedule a full scan to run each night during non-business hours, when possible, and after nightly backups for the least possible impact. If an after-hours scan is not possible, set the full scan to run at a low priority during working hours. Regardless, full scans should run daily.

Active Protection

The Active Protection screens allow you to enable and configure the AP (real-time/on-access) settings for agents.

WARNING! Disabling Advanced Active Protection will disable Process Monitoring and place your systems in a vulnerable state for infections. We strongly recommend you leave this option enabled. If you feel it should be disabled for your specific environment or endpoint, please consult with our support team prior to doing so.

  • On Access: controls how AP will respond to files when accessed. You can set it based on the needs of your security environment, whether it be more for performance or more for security.
  • User Control: it is recommended to restrict user access to experienced users.

Email Protection

The Email Protection screen allows you to enable email protection and control whether the end-user can turn this feature off.

  • Agents on Email Servers: Email scanning should be disabled for email server agents. Agents installed on email servers are designed to protect the server, not to provide active email scanning.
  • Email Client Ports: If the agent computer uses an email client that requires specific port settings, then those port settings MUST be set the same here. The default of POP3 to 110 and SMTP to 25 is applicable to most configurations, especially over a network. This is sometimes changed for agents installed on laptops or remote users.

Remediation

The Remediation screen allows you to customize the remediation settings down to the sub-category of threat, offering great versatility in its configuration. Remediation applies to scanning, email protection, and Active Protection.

Exceptions

The Exceptions screens allow you to list files that you know to be good or bad so that those files will be automatically allowed (ignored) or blocked accordingly.

Add an Exclusion (always allowed/ignored) exception for the Exchange Store and Temp folders to prevent Active Protection from scanning them. This will alleviate resource demand on the Email Server.

Allowed Threats

The Allowed Threats screen allows you to quickly search for and remove threats from the Allowed Threats list. The Definitions Database is comprehensive and may detect applications not considered as threats by all end users.

Firewall

Important! By default, the Firewall is TURNED OFF. Upon initial installation of VIPRE, you must configure the Firewall settings to your organization's needs.

The Firewall screens consist of the following:

  • Basic Firewall Protection: includes all Exceptions settings (Application, Network, and Advanced rules), IDS, and Trusted Zones.
  • Web Filtering: includes settings for Advertisement Web Sites, Allowed Web Sites, and Bad URL Blocking.
  • Advanced Firewall Protection: contains process protection settings.
  • Assigned Firewall Templates: allows you to assign firewall templates to the policy. Firewall templates are created at the site-level from the Site Properties.

Agent Installation Management

The Agent Installation Management screens are configured during Agent installation.