Policies (Windows)

Policy description and usage on Windows computers.

What is a Policy?

A Policy configuration can control the Application Updates, Application Version Freezing, Application Shortcuts, Windows Updates, and Anti-Virus Scans.

The tables below describe the configurable features and settings for Applications, Windows Updates, and Anti-Virus settings within Policies.

Policies are used to automate, schedule, or version freeze application updates. Multiple Policies can be created and assigned to different groups of computers.


Application Policy Configuration Options


Automatic Update

Update the application whenever an update is available.

Manual Update

Do not automatically update the application.

Schedule Update

Set a time and date to run an application update.

Version Freeze

Prevent any further updates from being downloaded and uninstalled for this application.

Disable Shortcuts

Shortcuts will no longer be useable, but the application can still be accessed via the Windows Start Menu and File Manager.

Disable Auto Update

Prevent automatic updates from being performed on the application.

Some updates cannot be managed by Policies. These can be managed manually under the columns 'Others' and 'Uncategorized'.

Windows Updates

Windows Updates can be manually installed or automatically. This can be configured in your Policy if, for example, you do not wish to have Faronics Deploy automatically download and install the updates; you can check the Do not manage windows updates box.

Automatic updates are listed by type with the option to Automatic Install, Set the "Automatically Install" Defferal number of deferral days for the Automatic Install (0 Days is the default), or set the update to be Denied.

Windows Updates Configuration

Windows Updates Configuration


Do Not Manage Windows Updates

Choose this if you don't want to update Windows via Faronics Deploy.

Automatic Install

Allow Faronics Deploy to handle the Windows Updates automatically.

"Automatically Install" Deferral

The number of days that the user can delay a Windows Update


Prevent individual updates from being installed.

Global Settings for All Windows Updates

Settings for all Windows Updates


Allow user to defer reboot (if required) up to 5 times

Delay a system reboot post update from 0-5 times.

Force auto reboot prior to installation if user is logged in

If selected and if the user is logged in, a system reboot will be mandatory before installing any Windows Updates.

Download and keep Windows Update ready when available

If selected, when an update becomes available, it will be downloaded and ready to install regardless of the update being set to automatic or manual.

Patch Scan Frequency

Select how often to check for Windows Patches every 6, 12, or 24 hours.

Windows 10 Additional Settings

Windows 10 Additional Settings


Choose When Updates are Installed

Choose the branch readiness level to determine when feature updates are installed.

Semi Annual Channel (Targeted) - Ready for most people.

Semi Annual Channel - Ready for widespread use in organizations.

Feature Update Deferral

A feature update includes new capabilities and improvements. You can choose how many days you would like to defer it, up to 365 days.

Quality Update Deferral

A quality update includes security improvements. You can choose how many days you would like to defer it, up to 30 days.


Anti-Virus can be enabled/disabled and configured in the Policy.

Anti-Virus is an add-on that requires a license that is not included with the Deploy Faronics license. See Setup User Profile and Organization Setting.

Anti-Virus Settings

Anti-Virus Settings



Enable Active Protection

Activate real-time protection for all computers using this Policy. Note: Make sure there is no real-time protection software is running on the computers. This includes third-party antivirus applications.

Allow user to switch off Active Protection

User can disable the active protection.

Show Active Protection Alert

Display the active protection alert when a real-time scan issue occurs.

Cleanup Action

Cleanup Action



Default Action for Infected Files


When a threat is detected, attempt to disinfect the file and quarantine if unsuccessful.


When a threat is detected, attempt to disinfect the file and delete it if unsuccessful.

Delete items from Quarantine older than

number of days

Enter the number of days after which to delete files from quarantine, between 1 and 365.

Scan Schedule

Enable/Disable the Quick Scan and Deep Scans here. The schedule can also be edited, configuring the Start time, Stop when the scan is complete (or at a specified time), days of the week to run the scan on. To configure a scan schedule, select the edit option to the right of it.

Scan Schedule Settings




Disable by unchecking

Check the box to enable the Scan Configuration.


Time at which the scheduled scan will begin.


When scan is complete.

Allow the scan to finish completely.

At specified time.

Stop the scan at a specific time.

Days of the week

Set the days of the week for the scan to run.

Scan Options

Scan Options



Randomize schedule scan start time by (2) minutes

Set the number of minutes by which to randomly change the virus scan start time. Default is set to 2 minutes.

If scan is missed

Do not perform quick scan.

Skip the quick scan.

Perform quick scan approximately (5) minutes after start-up.

Start the quick scan at the specified interval after starting up the computer. Default is set to 5 minutes.

Prompt user to perform quick scan.

Alert the user that the scan was missed and suggest performing the scan now.

Advanced Options

Advanced Options


Enable rootkit detection

Detect malware toolkits (rootkits) when scanning. Available for Deep System and Custom configuration only. Deep system scan is enabled by default.

Scan inside of archives

Scan the contents of archive files (e.g., .zip .tar files). Available for Deep System and Custom configuration only, file size limit can be set, default is 100MB.

Exclude removable drives

Don't scan external hard drives in the scan. Only available for Deep System scans.

Scan registry

Include the registry of the system in the scan. Available for Quick, Deep System, and Custom scans. Quick and Deep system scans are enabled by default.

Scan running processes

Include processes that are running in the scan. Available for Quick, Deep, and Custom scans. Quick and Deep system scans are enabled by default.

Scan Exception

Specify the files or folders that are known to be safe. By adding the files or folders, Faronics antivirus will not report the files as malicious or infected. The list displays the items that will not be reported as a virus.

USB Devices

USB Devices



Scan USB drives Upon Insertion

Interrupt active scan for USB scan (please note the interrupted scan will not resume).

Stop a scan that is being performed when a USB drive gets inserted into a machine.

Do not perform a scan if another scan is in progress (the USB device will not be scanned automatically and must be scanned manually once the ongoing scan is complete).

Don't interrupt a scan if one is already running regardless if a USB drive gets inserted.

Suppress USB scan in progress dialogue

Enable/Disable this to hide or include USB scan in the progress dialogue.

Remove Anti-Virus

Remove Anti-Virus from all computers on this Policy.

Firewall Settings and Rules

Firewall Protection Settings

Firewall Protection Settings



Enable Firewall Protection

Firewall protection prevents hackers or malicious software from gaining access to your computer.

Allow user to disable firewall.

Checking this box disables the firewall.

Enable firewall logging.

Checking this box enables logs to be generated and stored by the firewall.

Program Rules

Program Rules define the action taken by the firewall on the network activity to and from the application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.

Network Rules

Network Rules define the action taken by the firewall on the network activity. Network Rules can be edited but cannot be deleted.

Advanced Rules

Advanced Rules are processed in the order in which they are listed. Pre-defined Advanced Rules are generated for you. Any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules.

Trusted Zones

Trusted Zones specify computers, networks, and IP addresses that are safe. Trusted Zone and Internet (Non-Trusted) can be treated differently by Application and Network Rules.

Computer Settings

User Action

User Action



Show taskbar icon

Display the Anti-Virus taskbar icon if selected.

Allow manual scanning

Provides the user with the option to manually scan for viruses if selected.

Allow user to take action on scan results

Provides the user with the option to take action on the scan results if selected.

Allow user to abort scan initiated locally

Provides the user the option to stop a scan that is running from their computer locally.

Cache Server

Cache Server



Use Anti-Virus Cache Server

Enable at least one computer as an AV cache server from the Control Grid Action Toolbar to enable the Faronics Deploy Anti-Virus Cache Server.

Server Name

Select the name of the computer which will become the Faronics Deploy Anti-Virus Cache Server.

Server IP

Enter the IP Address of the server which will become the Faronics Deploy Anti -Virus Cache Server.

Windows Security Center

Windows Security Center


Integrate Into Windows Security Center

Allow the Faronics Deploy Anti-Virus to integrate with the Windows Security Center.

Log Actions

Log Actions



All Deploy Anti-Virus to generate logs.

Last updated