Each Compliance Action Rule contains a Check object that defines the actual file, process, value or condition that the Compliance blade looks for.
To create a new or change an existing Check object:
Option | Description |
---|---|
Name | Unique name for this Check Object. |
Comment | Optional: Free text description |
Operating System | Select the operating system that this Check object is enforced on. |
Check Registry | Select one of these options to enable the registry check or clear to disable it: Registry key and value exist - Find the registry key and value. If the registry key exists, the endpoint computer is compliant for the required file. Registry key and value do not exist - Make sure the registry key and value do not exist. If the key does not exist, the endpoint computer is compliant for an application that is prohibited. |
Registry Key | Enter the registry key. |
Registry Value | Enter the registry value to match. |
Check File | Select one of these options to check if an application is running or if a file exists: File is running at all times - For example, make sure that Endpoint Security client is always running. File exists - For example, make sure that the user browsing history is always kept. File is not running - For example, make sure that DivX is not used. File does not exist - For example, make sure that a faulty DLL file is removed. |
File Name | Enter the name of the file or executable to look for. To see if this file is running or not, you must enter the full name of the executable, including the extension (either .exe or .bat). |
File Path | Enter the path without the file name. Select the Use environment Variables of logged in user option to include paths defined in the system and user variables. Do not add the "\" character at the end of the path. |
Check File Properties | Additional options to check for an existing or non-existing file. |
Match File Version | Make sure that a specific version or range of versions of the file or application complies with the file check. |
Match MD5 Checksum | Find the file by the MD5 Checksum. Click Calculate to compare the checksum on the endpoint with the checksum on the server. |
File is not older than | Select this option and enter the maximum age, in days, of the target file. If the age is greater than the maximum age, the computer is considered to be compliant. This parameter can help detect recently installed, malicious files that are disguised as legitimate files. |
The remediation action applies only to this Check object and overrides the remediation action specified in the rule. To define a Check object remediation action, select a Remediation action from the list or click Remediation tab > New to define a new one.
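
Before entering values in a Check object, it helps to collect them from a reference endpoint. The PowerShell function below is an added example, not part of the product or its documentation: it reads the file, version, MD5, age and registry state that correspond to the fields in the table. The function name, the sample path and the sample registry key are constructed placeholders, and it assumes that "Registry Value" is a value name under the key and that file age is measured from the last write time.

```powershell
# Added example: gather candidate Check object values on a reference endpoint.
# Assumptions (not stated by the page): file age is taken from LastWriteTime,
# and "Registry Value" is treated as a value name under the key.
function Get-CheckObjectValues {
    param(
        [Parameter(Mandatory)] [string] $FilePath,   # File Path field, without the file name
        [Parameter(Mandatory)] [string] $FileName,   # File Name field, with extension
        [string] $RegistryKey,                       # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\...
        [string] $RegistryValue
    )
    # Enforce the two input rules the table gives for these fields.
    if ($FilePath.EndsWith('\')) { throw 'File Path must not end with "\".' }
    if (-not [IO.Path]::HasExtension($FileName)) { throw 'File Name must include the extension.' }

    # Expand %VAR% references for the user running the script, as an approximation
    # of the "Use environment Variables of logged in user" option.
    $dir  = [Environment]::ExpandEnvironmentVariables($FilePath)
    $full = Join-Path -Path $dir -ChildPath $FileName

    $out = [ordered]@{ FileName = $FileName; FilePath = $FilePath }
    $out.FileExists = Test-Path -LiteralPath $full -PathType Leaf

    if ($out.FileExists) {
        $item = Get-Item -LiteralPath $full
        $out.FileVersion = $item.VersionInfo.FileVersion                        # Match File Version
        $out.MD5 = (Get-FileHash -LiteralPath $full -Algorithm MD5).Hash        # Match MD5 Checksum
        $out.AgeDays = [math]::Floor(((Get-Date) - $item.LastWriteTime).TotalDays)
    }

    # Process names carry no extension, so strip it before asking for running instances.
    $procName = [IO.Path]::GetFileNameWithoutExtension($FileName)
    $out.IsRunning = [bool](Get-Process -Name $procName -ErrorAction SilentlyContinue)

    if ($RegistryKey) {
        $regPath = "Registry::$RegistryKey"
        $out.RegistryKeyExists = Test-Path -LiteralPath $regPath
        $out.RegistryValueExists = $false
        if ($out.RegistryKeyExists -and $RegistryValue) {
            $prop = Get-ItemProperty -LiteralPath $regPath -Name $RegistryValue -ErrorAction SilentlyContinue
            $out.RegistryValueExists = $null -ne $prop
        }
    }
    [pscustomobject]$out
}

# Constructed sample values; replace with the application you intend to check.
Get-CheckObjectValues -FilePath 'C:\Program Files\ExampleApp' -FileName 'example.exe' `
    -RegistryKey 'HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\ExampleApp' -RegistryValue 'Version'
```

The function only reports what it finds and does not decide compliance, so the output can be compared against whichever Check File and Check Registry option the Check object uses.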