Working with Rules

A rule is a set of predefined actions that a Software Blade does to enforce security on specified users and computers. Each Software Blade has one default rule that applies to all endpoint computers and users that are not assigned to a different rule. You can change the default rule settings, but you cannot delete it.

Each rule contains one or more:

• Scope definitions that assign the rule to specified users and computers.
• Action definitions that define the Software Blade behavior when enforcing security.

Inheritance and Rule Priority

The default rule, located at the top of each blade section, applies to all users and computers that are not protected by a different rule. User-defined rules show below the default rule.

Endpoint Security assigns the matching first rule (after the default rule) for each blade.

The first Other Rule that a user or computer matches for each blade is applied. If no Other Rule matches, the default rule applies.

For example, user Jane Collins is in the Human Resources department and uses a laptop.

• In the rules for Full Disk Encryption, a rule for All Laptops is the first rule that Jane matches. Its settings are applied.
• In the rules for Firewall, a rule for Human Resources is the first rule that Jane matches. Its settings are applied.
• In the rules for Anti-Malware, there are no Other Rules that match Jane. The Default Rule applies.

Make sure that rules for specified users or computers are located above those for groups and containers they are members of. For example:

• If you require a rule for the company CEO, make sure to put that rule above rules for groups that the CEO belongs to.
• If you create rules for servers, make sure the rules are above all other rules that might include servers as part of a group or Network.

Creating New Policy Rules

Each Software Blade has a default rule in the Policy Rule Base. The default rule applies to the Entire Organization unless there are Other Rules that match a user or computer.

If you create more rules for a blade, the first rule that a user or computer matches in the Other Rules section is applied.

To create a new policy rule:

1. Right-click in a policy rule to create a new rule for the same blade.

   The Create Rule Wizard opens.

2. On the Select Enforcement state page, select Add Rule for and select a state:
   • When Connected
   • When Disconnected (only shows when applicable for that blade)
   • When Restricted (only shows when applicable for that blade)
3. On the Select Entities page, select those OUs, groups or individuals that this rule applies to.
4. On the Change Policy Actions, right-click the applicable actions and configure as necessary.
5. On the Finish page, enter a descriptive Name and optionally Comments.
6. Click Finish.
7. Click Install to install the policy on Endpoint Security clients.