Links

Policies (Windows)

Policy description and usage on Windows computers.

What is a Policy?

A Policy configuration can control the Application Updates, Application Version Freezing, Application Shortcuts, Windows Updates, and Anti-Virus Scans.
The tables below describe the configurable features and settings for Applications, Windows Updates, and Anti-Virus settings within Policies.
Policies are used to automate, schedule, or version freeze application updates. Multiple Policies can be created and assigned to different groups of computers.

Applications

Application Policy Configuration Options
Description
Automatic Update
Update the application whenever an update is available.
Manual Update
Do not automatically update the application.
Schedule Update
Set a time and date to run an application update.
Version Freeze
Prevent any further updates from being downloaded and uninstalled for this application.
Disable Shortcuts
Shortcuts will no longer be useable, but the application can still be accessed via the Windows Start Menu and File Manager.
Disable Auto Update
Prevent automatic updates from being performed on the application.
Some updates cannot be managed by Policies. These can be managed manually under the columns 'Others' and 'Uncategorized'.

Windows Updates

Windows Updates can be manually installed or automatically. This can be configured in your Policy if, for example, you do not wish to have Faronics Deploy automatically download and install the updates; you can check the Do not manage windows updates box.
Automatic updates are listed by type with the option to Automatic Install, Set the "Automatically Install" Defferal number of deferral days for the Automatic Install (0 Days is the default), or set the update to be Denied.

Windows Updates Configuration

Windows Updates Configuration
Description
Do Not Manage Windows Updates
Choose this if you don't want to update Windows via Faronics Deploy.
Automatic Install
Allow Faronics Deploy to handle the Windows Updates automatically.
"Automatically Install" Deferral
The number of days that the user can delay a Windows Update
Denied
Prevent individual updates from being installed.

Global Settings for All Windows Updates

Settings for all Windows Updates
Description
Allow user to defer reboot (if required) up to 5 times
Delay a system reboot post update from 0-5 times.
Force auto reboot prior to installation if user is logged in
If selected and if the user is logged in, a system reboot will be mandatory before installing any Windows Updates.
Download and keep Windows Update ready when available
If selected, when an update becomes available, it will be downloaded and ready to install regardless of the update being set to automatic or manual.
Patch Scan Frequency
Select how often to check for Windows Patches every 6, 12, or 24 hours.

Windows 10 Additional Settings

Windows 10 Additional Settings
Description
Choose When Updates are Installed
Choose the branch readiness level to determine when feature updates are installed.
Semi Annual Channel (Targeted) - Ready for most people.
Semi Annual Channel - Ready for widespread use in organizations.
Feature Update Deferral
A feature update includes new capabilities and improvements. You can choose how many days you would like to defer it, up to 365 days.
Quality Update Deferral
A quality update includes security improvements. You can choose how many days you would like to defer it, up to 30 days.

Anti-Virus

Anti-Virus can be enabled/disabled and configured in the Policy.
Anti-Virus is an add-on that requires a license that is not included with the Deploy Faronics license. See Setup User Profile and Organization Setting.

Anti-Virus Settings

Anti-Virus Settings
Options
Description
Enable Active Protection
Activate real-time protection for all computers using this Policy. Note: Make sure there is no real-time protection software is running on the computers. This includes third-party antivirus applications.
Allow user to switch off Active Protection
User can disable the active protection.
Show Active Protection Alert
Display the active protection alert when a real-time scan issue occurs.

Cleanup Action

Cleanup Action
Options
Description
Default Action for Infected Files
Clean/Quarantine
When a threat is detected, attempt to disinfect the file and quarantine if unsuccessful.
Clean/Delete
When a threat is detected, attempt to disinfect the file and delete it if unsuccessful.
Delete items from Quarantine older than
number of days
Enter the number of days after which to delete files from quarantine, between 1 and 365.

Scan Schedule

Enable/Disable the Quick Scan and Deep Scans here. The schedule can also be edited, configuring the Start time, Stop when the scan is complete (or at a specified time), days of the week to run the scan on. To configure a scan schedule, select the edit option to the right of it.
Scan Schedule Settings
Options
Description
Enable
Disable by unchecking
Check the box to enable the Scan Configuration.
Start
Time at which the scheduled scan will begin.
Stop
When scan is complete.
Allow the scan to finish completely.
At specified time.
Stop the scan at a specific time.
Days of the week
Set the days of the week for the scan to run.

Scan Options

Scan Options
Options
Description
Randomize schedule scan start time by (2) minutes
Set the number of minutes by which to randomly change the virus scan start time. Default is set to 2 minutes.
If scan is missed
Do not perform quick scan.
Skip the quick scan.
Perform quick scan approximately (5) minutes after start-up.
Start the quick scan at the specified interval after starting up the computer. Default is set to 5 minutes.
Prompt user to perform quick scan.
Alert the user that the scan was missed and suggest performing the scan now.

Advanced Options

Advanced Options
Description
Enable rootkit detection
Detect malware toolkits (rootkits) when scanning. Available for Deep System and Custom configuration only. Deep system scan is enabled by default.
Scan inside of archives
Scan the contents of archive files (e.g., .zip .tar files). Available for Deep System and Custom configuration only, file size limit can be set, default is 100MB.
Exclude removable drives
Don't scan external hard drives in the scan. Only available for Deep System scans.
Scan registry
Include the registry of the system in the scan. Available for Quick, Deep System, and Custom scans. Quick and Deep system scans are enabled by default.
Scan running processes
Include processes that are running in the scan. Available for Quick, Deep, and Custom scans. Quick and Deep system scans are enabled by default.

Scan Exception

Specify the files or folders that are known to be safe. By adding the files or folders, Faronics antivirus will not report the files as malicious or infected. The list displays the items that will not be reported as a virus.

USB Devices

USB Devices
Options
Description
Scan USB drives Upon Insertion
Interrupt active scan for USB scan (please note the interrupted scan will not resume).
Stop a scan that is being performed when a USB drive gets inserted into a machine.
Do not perform a scan if another scan is in progress (the USB device will not be scanned automatically and must be scanned manually once the ongoing scan is complete).
Don't interrupt a scan if one is already running regardless if a USB drive gets inserted.
Suppress USB scan in progress dialogue
Enable/Disable this to hide or include USB scan in the progress dialogue.

Remove Anti-Virus

Remove Anti-Virus from all computers on this Policy.

Firewall Settings and Rules

Firewall Protection Settings

Firewall Protection Settings
Options
Description
Enable Firewall Protection
Firewall protection prevents hackers or malicious software from gaining access to your computer.
Allow user to disable firewall.
Checking this box disables the firewall.
Enable firewall logging.
Checking this box enables logs to be generated and stored by the firewall.

Program Rules

Program Rules define the action taken by the firewall on the network activity to and from the application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.

Network Rules

Network Rules define the action taken by the firewall on the network activity. Network Rules can be edited but cannot be deleted.

Advanced Rules

Advanced Rules are processed in the order in which they are listed. Pre-defined Advanced Rules are generated for you. Any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules.

Trusted Zones

Trusted Zones specify computers, networks, and IP addresses that are safe. Trusted Zone and Internet (Non-Trusted) can be treated differently by Application and Network Rules.

Computer Settings

User Action

User Action
Options
Description
Show taskbar icon
Display the Anti-Virus taskbar icon if selected.
Allow manual scanning
Provides the user with the option to manually scan for viruses if selected.
Allow user to take action on scan results
Provides the user with the option to take action on the scan results if selected.
Allow user to abort scan initiated locally
Provides the user the option to stop a scan that is running from their computer locally.

Cache Server

Cache Server
Options
Description
Use Anti-Virus Cache Server
Enable at least one computer as an AV cache server from the Control Grid Action Toolbar to enable the Faronics Deploy Anti-Virus Cache Server.
Server Name
Select the name of the computer which will become the Faronics Deploy Anti-Virus Cache Server.
Server IP
Enter the IP Address of the server which will become the Faronics Deploy Anti -Virus Cache Server.

Windows Security Center

Windows Security Center
Description
Integrate Into Windows Security Center
Allow the Faronics Deploy Anti-Virus to integrate with the Windows Security Center.

Log Actions

Log Actions
Description
Enable
All Deploy Anti-Virus to generate logs.