Enforcing Rules According to States

Endpoint Security can enforce policy rules on computers and users based on their connection and compliance state. When you create a policy rule, you can select the state or states during which this policy is enforced. By default, policies apply when the client is Connected.

States are not applicable for all blades. For example, Full Disk Encryption rules always apply and cannot change based on state. The option to create rules based on state only shows for applicable blades. If there is no applicable rule for the Disconnected or Restricted states, the Connected policy applies.

• The Connected state policy is enforced when a compliant endpoint computer connects to the Endpoint Security Management Server.
• The Disconnected state policy is enforced when an endpoint computer is not connected to the Endpoint Security Management Server.

  For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources.

• The Restricted state policy is enforced when an endpoint computer is not in compliance with the enterprise security requirements. Its compliance state is moved to Restricted.

  In the Restricted state, you usually choose to prevent users from accessing some, if not all, network resources.

  You can configure restricted state policies for these blades:

  • Media Encryption & Port Protection
  • Firewall
  • Access Zones
  • Application Control