Print Download PDF Send Feedback

Previous

Next

Compliance Check Objects

Each Compliance Action Rule contains a Check object that defines the actual file, process, value or condition that the Compliance blade looks for.

To create a new or change an existing Check object:

  1. In the Edit Properties window of a Compliance Action, click View Objects List.
  2. Click New to create a new Check object, or Edit to change an existing one.
  3. For Required applications and files only: When you create a new Check object, select an Object Type:
    • Required Entity Check - Add one specified file Check object.
    • Required Entity Group - Add a group of Check objects that must all be on the computer.
  4. In the Compliance Check Properties window, fill in these fields.

    Option

    Description

    Name

    Unique name for this Check Object.

    Comment

    Optional: Free text description

    Operating System

    Select the operating system that this Check object is enforced on.

    Check Registry

    Select one of these options to enable the registry check or clear to disable it:

    Registry key and value exist - Find the registry key and value.

    If the registry key exists, the endpoint computer is compliant for the required file.

    Registry key and value do not exist - Make sure the registry key and value do not exist.

    If the key does not exist, the endpoint computer is compliant for an application that is prohibited.

    Registry Key

    Enter the registry key.

    Registry Value

    Enter the registry value to match.

    Check File

    Select one of these options to check if an application is running or if a file exists:

    File is running at all times - For example, make sure that Endpoint Security client is always running.

    File exists - For example, make sure that the user browsing history is always kept.

    File is not running - For example, make sure that DivX is not used.

    File does not exist - For example, make sure that a faulty DLL file is removed.

    File Name

    Enter the name of the file or executable to look for. To see if this file is running or not, you must enter the full name of the executable, including the extension (either .exe or .bat).

    File Path

    Enter the path without the file name.

    Select the Use environment Variables of logged in user option to include paths defined in the system and user variables.

    Do not add the "\" character at the end of the path.

    Check File Properties

    Additional options to check for an existing or non-existing file.

    Match File Version

    Make sure that a specific version or range of versions of the file or application complies with the file check.

    Match MD5 Checksum

    Find the file by the MD5 Checksum. Click Calculate to compare the checksum on the endpoint with the checksum on the server.

    File is not older than

    Select this option and enter the maximum age, in days, of the target file. If the age is greater than the maximum age, the computer is considered to be compliant. This parameter can help detect recently installed, malicious files that are disguised as legitimate files.

  5. Optional: You can select or define a Remediation action for this Check object.

    The remediation action applies only to this Check object and overrides the remediation action specified in the rule. To define a Check object remediation action, select a Remediation action from the list or click Remediation tab > New to define a new one.