Skip to content

Host Scan

View Host Scan Policies

To view the list of Host Scan Policies:

  1. Log on to the Management Console.
  2. Go to Policies > Endpoint Security Policies > Host Scan Policies.
  3. The page lists all the Host Scan Policies in a tabular manner with the following information:

Field Description
Policy Name Displays the policy identifier.
Policy Type Displays the policy type such as:
Antivirus
MAC Address
IP Address
Geolocation
Domain
WAN IP Address
Windows Update
Policy Description Displays the contextual description of the policy.

Search Host Scan Policy

The Host Scan Policy list can be filtered or searched by entering the policy name in the text box and by clicking the show icon.

Add Host Scan Policy

To add a new Host Scan Policy:

  1. Log on to the Management Console.
  2. Go to Policies > Endpoint Security Policies > Host Scan Policies.
  3. Click Add to create a new host scan policy.

These policies can then be linked with the security profiles described in the Device Profile Management section.

Field Description
Policy Name Enter the name to identify the policy.
Policy Type Select the type of policy to be configured from the drop-down list.
Policy Description Enter a contextual description of the policy.

Sub-policies

Sub-policies are the fundamental building blocks of policy configuration. Each sub-policy is comprised of one or more rules, and it is imperative that all rules are met for the sub-policy to pass.

Link/Button Description
Add (Policy Type) Policy Add a Sub-policy of the selected policy type. Based on the selected policy type, a corresponding link will be provided. For example, if Antivirus is selected as the policy type, the link will say Add Antivirus Product Policy. Clicking on it opens the Add Antivirus Product Policy window. Clicking on the link will take you to a sub-policy configuration corresponding to the selected Policy Type.
Copy A selected sub-policy listed in the box gets copied upon clicking the Copy button. To copy a policy:
- Select a policy from the list box.
- Click Copy.
- Enter the name of the new policy in the popup.
The fields of the new sub-policy will be copied along with the fields of the selected product policy.
Edit Click to modify the selected sub-policy.
Delete Click to delete the selected sub-policy upon confirmation.

Add Antivirus Product Policy

  1. When adding a new Host Scan policy, select the policy type as Antivirus and click the Add Antivirus Product Policy link. The Add Antivirus Product Policy window will appear.

  2. Add an Antivirus Product Policy to the Host Policy.

Field Description
Antivirus Policy Name Enter the name of the antivirus product policy.
Antivirus Vendor Select an Antivirus Product Vendor from the drop-down list.
Product Name Pick a product from the list.
Select Version Select the version for the selected product.
Selecting Any Version will check for any version of the product.
Ignore Windows Defender *Enabling this check box will send a remediation message to the end user to install an antivirus if they have only Windows Defender as an installed antivirus. Windows Defender is not considered an approved antivirus. This is only visible if there is no specific Antivirus installed on the device.
Product Last Updated Enabling this option will check for the device's last updated date of the antivirus.
Product last updated should not be older than the specified days/weeks. Specify the number of Days/Weeks to check for the last updated date.
Real Time Protection Enabled Enabling this option will check if real-time protection provided by the device's antivirus is turned on or off.
Remediate Selecting Remediate from the above options will automatically remediate any issues on the endpoint device.

Add MAC Address Policy

  1. When adding a new Host Scan policy, select the policy type as MAC Address and click the Add MAC Address Policy link. The Add MAC Address Policy screen will appear.

  2. Add MAC Address Policy to the Host Policy.

Field Description
MAC Address Policy Name Enter the name of the MAC address policy.
Allow 1. Allow if active MAC address matches: Selecting this option will allow the user to log in only if the active MAC address matches the ones configured in this policy.
2. Allow if any MAC address matches: This option will allow the user to log in only when any MAC address matches the configured ones in this policy.
Block 1. Block if active MAC address matches: Selecting this option will block the user from logging in only if the active MAC address matches the ones configured in this policy.
2. Block if any MAC address matches: Selecting this option will block the user from logging in only when any MAC address matches the configured ones in this policy.
MAC Addresses Add: Add the MAC Addresses in the format - AA:BB:CC:DD:EE:FF.
Delete: Click to delete the MAC addresses.

Add IP Address Policy

  1. When adding a new Host Scan policy, select the policy type as IP Address and click the Add IP Address Policy link. The Add IP Address Policy screen will appear.

  2. Add an IP Address Policy to the Host Policy.

Field Description
IP Address Policy Name Enter the name of the IP Address policy.
Allow 1. Allow if active IP address matches: Selecting this option will allow the user to log in only if the active IP address matches the ones configured in this policy.
2. Allow if any IP address matches: This option will allow the user to log in only when any IP address matches the configured ones in this policy.
Block 1. Block if active IP address matches: Selecting this option will block the user from logging in only if the active IP address matches the ones configured in this policy.
2. Block if any IP address matches: Selecting this option will block the user from logging in only when any IP address matches the configured ones in this policy.
IP Addresses Add: Add the IP Addresses in the format - x.x.x.x
Delete: Delete the IP addresses.

Add Geolocation Policy

  1. When adding a new Host Scan policy, select the policy type as Geolocation and click the Add Geolocation Policy link. The Add Geolocation Product Policy screen will appear.
  2. Add a Geolocation Policy to the Host Policy.

Field Description
Geolocation Policy Name Enter the name of the geolocation policy.
Allow Select this option if the user login is allowed from a specific location only.
Block Select this option to restrict users from logging in except from a specific location specified here.

Add Domain Policy

  1. When adding a new Host Scan policy, select the policy type as Domain and click the Add Domain Policy link. The Add Domain Policy screen will appear.

  2. Add a Domain Policy to the Host Policy.

Field Description
Domain Policy Name Enter the name of the domain policy.
Allow Users can only log in if their domain matches the configured policy.
Block Users can only log in if the domain doesn't match the configured ones in this policy.
Domains Add: Add the Domains in the format - Domain1, Domain2,...
Delete: Click to Delete the selected added domains.

Add WAN IP Address Policy

  1. When adding a new Host Scan policy, select the policy type as WAN IP Address and click the Add WAN IP Address Policy link. The Wan IP Address Policy screen will appear.

  2. Add a Wan IP Address Policy to the Host Policy.

Field Description
WAN IP Address Policy Name Enter the name of the WAN IP address policy.
Allow Select this option if the user login is allowed from a specific WAN IP address only.
Block Select this option to restrict users from logging in except from the WAN IP addresses specified here.
WAN IP Addresses Add: Add the WAN IP Addresses in the format - x.x.x.x
Delete: Click to Delete selected WAN IP addresses.

Add Windows Update Sub Policy

Endpoint login can be blocked or allowed based on the Windows update configuration and status.

This policy checks for:

  • Whether the Windows update service is running
  • Last Windows update check time
  • Last installed Windows update
  • Pending critical/important Windows update
  • Automatic update status
  • Windows activation status
  • Windows License status

Note

This feature is applicable only for endpoints that have Windows OS.

  1. When adding a new Host Scan policy, select the policy type as Windows Update and click the Add Windows Update Sub Policy link. The Add Windows Update Policy screen will appear.

  2. Add Windows Update Policy to the Host Policy.

Field Description
Windows Update Policy Name Enter the name of the Windows update policy.
Windows Update service must be running User login requires running the Windows update service (process).
Windows Update must not be in paused state Allow user login only if Windows updates are enabled and not paused.
Last Update Check time Enable the last update time check and set the allowed time. Block users from logging in if the allowed time is exceeded.
Windows OS Update Types Select to enable the OS update type check and select the type of update that should not be pending on the endpoint:
Critical Updates
Important Updates
Moderate Updates
Low Updates
If any of the selected updates are pending, the user will not be allowed to log in.
Windows Update option Enable Windows updates and set preferences. If updates are not installed, login will fail.
Windows Activation Select if Windows must be activated or not on the endpoint when the user is allowed to log in.
Windows License Status Select to enable the license status check and select license state. The user cannot log in if the license state is other than the selected one.
IF ANY OF THE ABOVE RULE FAILS Block the user from logging in if any of the above policy rules fail.

Modify Host Scan Policies

Click Modify on the Policies > Host Scan Policies page, to make changes in the details of the selected policy. Click Submit to save the changes.

Delete Host Scan Policies

Click Delete on the Policies > Host Scan Policies page, to remove the selected details. Click OK to confirm the action.

Note

A Host Scan Policy should not be linked to a Device Profile when it needs to be deleted.

Export Host Scan Policies

Click Export on the Policies > Host Scan Policies page, to export and download the policies list in a .CSV file format.