Compliance Check Objects

Each Compliance Action Rule contains a Check object that defines the actual file, process, value or condition that the Compliance component looks for.

To create a new or change an existing Check object:

1. In the Edit Properties window of a Compliance Action, click View Objects List.
2. Click New to create a new Check object, or Edit to change an existing one.
3. For Required applications and files only: When you create a new Check object, select an Object Type:
   • Required Entity Check - Add one specified file Check object.
   • Required Entity Group - Add a group of Check objects that must all be on the computer.
4. In the Compliance Check Properties window, fill in these fields.

   Option	Description
   Name	Unique name for this Check Object.
   Comment	Optional: Free text description
   Operating System	Select the operating system that this Check object is enforced on.
   Check Registry	Select one of these options to enable the registry check or clear to disable it: Registry key and value exist - Find the registry key and value. If the registry key exists, the endpoint computer is compliant for the required file. Registry key and value do not exist - Make sure the registry key and value do not exist. If the key does not exist, the endpoint computer is compliant for an application that is prohibited.
   Registry Key	Enter the registry key.
   Registry Value	Enter the registry value to match.
   Check File	Select one of these options to check if an application is running or if a file exists: File is running at all times - For example, make sure that Endpoint Security client is always running. File exists - For example, make sure that the user browsing history is always kept. File is not running - For example, make sure that DivX is not used. File does not exist - For example, make sure that a faulty DLL file is removed.
   File Name	Enter the name of the file or executable to look for. To see if this file is running or not, you must enter the full name of the executable, including the extension (either .exe or .bat).
   File Path	Enter the path without the file name. Select the Use environment Variables of logged in user option to include paths defined in the system and user variables. Do not add the "\" character at the end of the path.
   Check File Properties	Additional options to check for an existing or non-existing file.
   Match File Version	Make sure that a specific version or range of versions of the file or application complies with the file check.
   Match MD5 Checksum	Find the file by the MD5 Checksum. Click Calculate to compare the checksum on the endpoint with the checksum on the server.
   File is not older than	Select this option and enter the maximum age, in days, of the target file. If the age is greater than the maximum age, the computer is considered to be compliant. This parameter can help detect recently installed, malicious files that are disguised as legitimate files.

5. Optional: You can select or define a Remediation action for this Check object.

   The remediation action applies only to this Check object and overrides the remediation action specified in the rule. To define a Check object remediation action, select a Remediation action from the list or click Remediation tab > New to define a new one.