Enforcing Policies Flashcards
What is a policy?
A collection of settings for your managed point products that you create and configure, and then enforce
What are the two default policies that are always included in every category?
McAfee Default and My Default
When do managed systems receive policy changes (updates or different assignments) from ePO?
During Agent to Server communications
What are the times that policy enforcement can happen?
-Instantly
EX: The on-access scan policy occurs when you start any application
-At ASC or PEI
EX: Product Deployment policy runs to confirm that the installed software versions on the managed systems match the versions on the Master Repository. If a new version is available, it is downloaded to all systems
-At configured Client Task intervals
EX: On-demand scan policy, by default, runs every day at midnight to scan all your managed systems for threats
How are policies assigned to systems?
Either by:
Inheritance - When a system or group of systems takes its policy settings from its parent group
or
Assignment - When an administrator assigns a policy to a system or group of systems. You can define a policy once for a specific need, then apply it to multiple locations
Is there a way to prevent the inheritance of policies from being broken on the systems/groups that are intended to inherit them?
Yes, you can lock inheritance at any level of the system tree
How does ownership affect policies?
- The user that creates a policy is the assigned owner of that policy (if an admin creates it, it is simply owned by “administrators”)
- You must have the correct permissions to edit a policy you don’t own
- If you assign a policy you don’t own, and the owner modifies the policy, all systems that were assigned the policy receive the modifications
What are the two different types of policy assignment rules?
User-based policies - Policies that are assigned with a user or group of users as the criteria. (Can also include system-based criteria)
System-based policies - Policies assigned based on specific locations in the system tree or based on tag applications (or both)
What is a policy assignment rule?
A way to assign policies at a granular level without having to break inheritance.
An example of this would be if you had systems that were spread out into different locations throughout the system tree, and you wanted them all to have a certain policy, but you don’t want to compromise their current location in the system tree by creating a new group. You could utilize a system-based PAR by assigning a specific tag to all of these systems and then creating the rule based on the assignment criteria of the aforementioned tag.
What is a multi-slot policy?
A way to send more than 1 policy of a particular policy type to the client system.
Example: Assigning more than one Firewall rules policy, which will be merged and enforced on the client system
How do User-based policy assignment rules work?
You create user specific policy assignments that are enforced at the target system when a user logs on
T/F: You can make User-Based policy assignments immediately after installing ePO?
False, you must first register and configure an LDAP server for use with your ePO server
Describe a way to automate the creation of SuperAgents by utilizing the Tag and PAR features
Create an ‘isSuperAgent’ tag with a tag criteria based on the system attributes that you want your SuperAgents to possess.
Run the Tag Criteria so that it will be assigned to the applicable systems
Create a PAR at the My Organization level and then use the ‘isSuperAgent’ tag as the assignment criteria
T/F: If you create a PAR with a tag as a criterion, all systems that have been assigned that tag will receive the policy assignment immediately post creation of the rule
False, the systems will not receive the policy until they’ve checked into ePO
T/F: You can create policies for a product prior to deploying it
True