Learn how to configure VIPRE Endpoint Security policies to protect your agents, including scans, Active Protection, email protection, remediation, setting exceptions, allowing threats, and firewall setup.
About Policies
A Policy contains all settings and configurations for agents assigned to it. You create and configure your policies based on existing policies, which can be the Default Policy, an Imported Policy, or an Admin-defined Policy.
Tip: Before creating and configuring any policy, it's a good idea to plan out how best to organize (group) machines into policies. From there, you can create any additional admin-defined policy on which to build from.
Policies that can be used as a starting point
Default Policy
You can start with the Default Policy to create policies that will be used in your production environment or to create your own default policies. The Default Policy is not "connected" to policies that you create from it; so, you can always use the Default Policy as a starting point for additional policies.
Important! The Default Policy is initially set with minimum settings that are the least intrusive. This means that the Agent User Interaction, Active Protection, Email AV, Firewall, and Windows Security Center are all disabled. It's intended to be used as a starting point, not "out-of-the-box-ready" to be deployed over your network.
VIPRE includes default policies for specific machine types (Workstation, Server, Laptop, etc.) to get you started. The included default policies provide preset configurations and exclusions based on best-practice recommendations for many common environments. After selecting a default policy, you may need to further customize your settings to meet any additional requirements of your specific environment and organization.
You may also assign any custom policies you create as Default policies for specific categories.
Imported Policies
A Policy is an XML-based file that can be imported or exported.
Admin-defined Policies
An Admin-defined Policy is a policy created by you or another administrator based on the Default Policy, an Imported Policy, or any other Admin-defined Policy.
Special Considerations for Creating Policies
Important! Failure to provide proper exclusions can result in vital aspects of your infrastructure to stop functioning.
When creating new policies, here are some important policies to consider having, depending on your environment:
Domain Controllers
- Add “Always Allowed Exception” exclusions for the items listed in Microsoft KB Article 822158.
Email Servers
- Agents installed on email servers are designed to protect the server, not to provide active email scanning.
Terminal Servers such as CITRIX or VMware
- Do not attempt to automatically install agents on servers of this type using a “push” method. Create a separate MSI package and install on the Terminal Server using “add/remove programs.”
- This will cause the Agent to protect any sessions that are running on that server and not just the Terminal Server itself.
- Initially installing agents to all sessions should be done with the CITRIX terminal server in install mode. For further information on CITRIX installs please see this CITRIX install guide from Methodology in a Box.
Low bandwidth agents
- Create a separate policy for agents with low bandwidth:
- Set Mark agents inactive after no contact in minutes to a value that is at least three times the value of the "Heartbeat Interval" setting.
- Set the Agent status heartbeat in minutes to an interval as much as 1 hour. As long as the console can ping the agents, they will be notified to come and pick up a deferred work item if any is added for them; so, the 1-hour update interval will not hurt agent responsiveness for deferred work.
- Set agents to get definitions updates from the Internet, which is similar to laptop users. Create Remote Updates Server in geographic proximity to the agents.
SQL Database Servers
- Add “Always Allowed Exception” folder exclusions for the SQL Database folder such as: “C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS”
- See Microsoft KB Article 309422 for more information on SQL exceptions.
Microsoft SharePoint Servers
- Add “Always Allowed Exception” folder exclusions for the items listed in Microsoft KB Article 952167.