Faronics Deploy Docs
Deploy HomeDeploy Sign inSubmit a ticket
  • About Faronics Deploy
  • Highlights
    • Top 10 Trending Topics
    • What's New?
  • Getting Started
    • Quick Start Guide
      • System Requirements
      • Initial Setup and Configuration
        • Sign Up - Create a Faronics Deploy Account
        • Download and Install Deploy Agents
          • Windows Install Guide
            • Download MSI Installer to Deploy via Active Directory
          • Mac Install Guide
        • Login to Deploy for the First Time
        • Configure User Profile and Organization Settings
          • How to Configure your User Profile
          • How to Configure your Organization Settings
        • Add Administrators - Invite your Team and Assign Roles
        • Manage Tags
          • Apply a Tag
    • Navigating the User Interface
      • Deploy User Interface Views
        • Control Grid
          • Dashboard View
          • Applications View
          • Windows Updates View
          • OS Deployment View
          • Anti-Virus View
          • Inventory View
          • Policies View
        • Analytics
          • Applications View
          • Usage Reports View
          • Windows Updates Status View
          • Anti-Virus Reports View
          • Deploy Diagnostics View
        • Tickets View
        • Tasks View
      • Using the Control/Smart Grids
      • Using the Action Toolbar
      • Computer States and Actions
        • Handling Offline Computers
        • Wake-On-LAN
          • Designate Last Man Standing (LMS) computers
      • Light Mode/Dark Mode View
  • Feature Definitions and Glossary
  • Action Toolbar
  • App Preset
  • Custom App
  • Policies (Windows)
  • Policies (macOS)
  • Policy Update Mode
  • Application Management
    • Applications Overview
    • Navigating the Applications Control Grid
    • Cache Server: Save Bandwidth
    • Groups Configuration
      • Create a Group
      • Delete a Group
      • Add Computer(s) to a Group
        • Assign a Computer to a Group via the Deploy Agent Download and Install
        • Assign Computers to a Group After they Appear in the Dashboard
        • Group Computers Using a Naming Convention
        • Group Computers Based on Criteria in Inventory
      • Perform Actions on a Group of Computers
        • Perform Actions via the Action Toolbar on a Group of Computers
    • Install, Uninstall & Update Applications
      • Install Application(s)
        • Install Built-In Application(s)
        • Install an Application on All Computers in Deploy
        • Install an Application Using Winget
          • Enable and Install Winget
          • Install an Application Using the Winget Tool
        • Install an External Application (Custom App)
          • Create and Install a Custom App
            • Hosting a Custom App - URL or Network Path
          • Edit a Custom App
          • Copy a Custom App
          • Request Assistance From a Deployment Specialist
          • Example: Installing MS Office 365 as a Custom App
        • Install a Pre-Defined Group of Applications (App Presets)
          • Create an App Preset
          • Install an App Preset
          • Manage App Presets
        • Install an Application on a Group of Computers
        • Schedule an Install of Application(s)
          • Schedule an Install of an Application
          • Schedule an Install of Multiple Applications
      • Uninstall Application(s)
        • Uninstall an Application From a Group of Computers
        • Uninstall an Application From all Computers
        • Schedule an Uninstall
      • Update Application(s)
        • Performing Updates On-Demand
        • Update via Apps with Recent Updates Grid
        • Update Applications Using Policy Modes
    • Application Management for macOS
      • Install Application on macOS
        • Install Built-In Application(s) on macOS
        • Install a Custom App (External) on macOS
          • Create and Install a Custom App on macOS
      • Update an Application on macOS
      • Uninstall Application on macOS
      • Shell Scripts on macOS
  • WINDOWS UPDATES
    • Navigating the Windows Updates Control Grid
  • Manual Windows Updates Approval
    • Manually Approve All Windows Updates for All Computers (Install All Updates)
    • Manually Install Windows Updates on a Group of Computers
    • Manually Approve a Windows Update Category (in a Policy) for all Computers
    • Manually Approve an Individual Windows Update in a Policy for All Computers
    • Manually Approve or Deny Individual Windows Updates via Pending Windows Updates
    • Patch Scan (On-Demand)
  • Automated Windows Updates Approval
    • Automated Windows Updates Using Policies
    • Automated Windows Updates Use Case: Testing Patches
    • Patch Scan (Using a Policy)
  • OS DEPLOYMENT
    • Navigating the OS Deployment Control Grid
    • Imaging Utility Requirements
    • Getting Images Ready for Deployment
      • Loading Images from ISO Files
        • Download and Install the Faronics Deploy Imaging Server Tool
        • Loading ISO Image Files via the Faronics Deploy Imaging Tool
      • Building Images for Deployment - Template Machine
    • Capturing Images
    • Deployment Packages
      • Deployment Package Install Settings
    • Post Imaging Actions
    • USB Media Creator
      • Generate a Portable USB Creator (Used to Create a Recovery USB Drive)
      • Create a Recovery USB Flash Drive from a Portable USB Creator
    • Inject Drivers into the boot.wim File
    • Abort the Sysprep Task
  • OS MANAGEMENT
  • OS Management Overview
  • Create a Configuration
    • System and Security
    • Network and Internet
    • Hardware
    • User Accounts
    • Appearance and Personalization
    • Clock and Region
    • Ease of Access
    • Others
  • Apply a Configuration to a Group of Computers
  • Custom Scripts - PowerShell, VB, Batch, Executable [.exe]
    • Custom Scripts Library
      • Quick Guide to Self-Hosting Custom Scripts
      • Send Message
      • Rename Multiple Computers
      • Show All Notification Icons
      • Hide Task View
      • Hide Recent Apps
      • Hide People Taskbar
      • Disable Cortana
      • Google Chrome Ad Blocker Extension
        • Create a Custom Script to Install any Google Chrome Extension
      • Uninstall Windows Updates
      • Auto Logon
      • Disable the UltraVNC System Tray Icon
      • Install Printer Driver Silently
  • Policies - Scheduling and Automation
    • Update modes - Automatic, Scheduled, Adhoc
    • Create a Policy
      • Create a Windows Policy
      • Create a macOS Policy
      • Create a New Policy (MDM)
        • Global Settings (MDM)
    • Maintenance Mode
    • End-User Experience: Defer Updates and Reboots
    • Protecting the Deploy Agent
  • ANTI-VIRUS & FIREWALL
    • Faronics Anti Virus & Firewall Protection Configuration
      • Anti-Virus Settings
      • Firewall Settings
      • Computer Settings
  • Upgrade Anti-Virus Software
  • Restore or Delete Quarantined Files
  • INVENTORY
    • Inventory
      • View Details
    • Organize Computers Using Inventory Data
    • Retrieve MSInfo Reports Using the Deploy Console
    • Inventory Data Update - Heartbeat + On-Demand
    • Quickly View Installed Applications
    • Organize Inventory by Active Directory Group Membership / Organization User Membership
  • ANALYTICS
    • Usage Statistics Reports
      • Application Usage Report
      • Application Update Status Report
      • Installed Applications Report
      • Computer Usage Report
      • Login Summary Report
      • Windows Update Status Report
  • REMOTE ACCESS - RDP / VNC
    • Remote Access Requirements - Ports and Networking
    • Remote Pro
    • VNC - Initial Setup
    • Using VNC - Virtual Network Computing
    • Using RDP - Remote Desktop Protocol
    • Remote View the Screen of a Computer (Configure Refresh Rate & Monitor Selection)
  • TASKS
    • Task History
    • Scheduled Tasks
      • Assign a Scheduled Task
      • Delete a Recurring Scheduled Task
      • Cancel a One Time or Recurring Scheduled Task
    • Schedule a One Time Task
    • Schedule a Recurring Task
    • Schedule a Custom Script to Run on Every Reboot
  • Help Desk Tickets
    • Enabling Ticketing
      • Enable Ticketing for Your Organization
        • Enable Email Alerts for Incoming Tickets
      • Enable Ticketing for a User
      • Ticketing Emails
    • Ticket Actions
      • Create a Ticket
      • Edit a Ticket
      • Add a Note to a Ticket
      • Assign Ticket (To a User)
      • Assign Owner (To a Ticket)
      • Change Status of a Ticket (Open, In Progress, Closed)
      • Download a File Attached to a Ticket
      • View a Ticket
      • View History
      • Export a Report of All Tickets to a CSV File
      • Remote Access a Computer via a Ticket
    • Ticketing - Mapping Email IDs
    • Fair Use Policy - Ticketing
  • User Management
    • User Roles
    • Add Users
      • Add a User via Email
      • Add a User/Group via Active Directory
    • Configure SAML (Verify Users for External Applications)
  • Organization Settings
    • 2FA - Two Factor Authentication
    • Accessibility
  • Mobile Device Management
    • Overview
    • Device Configuration
      • MDM Set up
      • Enroll Standard Device
        • Mobile Browser
        • iOS App
        • Apple Configurator
        • Email
      • Enroll Lite Device
    • Apple Devices
    • Apple Lite Devices
    • Apps & Docs
      • Applications
      • Shared Documents
    • Settings
      • Networks
      • Personalization
      • Accounts
    • Device Actions
    • Action Toolbar
Powered by GitBook
On this page
  • What is a Policy?
  • Applications
  • Windows Updates
  • Windows Updates Configuration
  • Global Settings for All Windows Updates
  • Windows 10 Additional Settings
  • Anti-Virus
  • Anti-Virus Settings
  • Firewall Settings and Rules
  • Computer Settings

Policies (Windows)

Policy description and usage on Windows computers.

PreviousCustom AppNextPolicies (macOS)

Last updated 10 months ago

What is a Policy?

A Policy configuration can control the Application Updates, Application Version Freezing, Application Shortcuts, Windows Updates, and Anti-Virus Scans.

The tables below describe the configurable features and settings for , , and settings within Policies.

Policies are used to automate, schedule, or version freeze application updates. Multiple Policies can be created and assigned to different groups of computers.

Applications

Application Policy Configuration Options

Description

Automatic Update

Update the application whenever an update is available.

Manual Update

Do not automatically update the application.

Schedule Update

Set a time and date to run an application update.

Version Freeze

Prevent any further updates from being downloaded and uninstalled for this application.

Disable Shortcuts

Shortcuts will no longer be useable, but the application can still be accessed via the Windows Start Menu and File Manager.

Disable Auto Update

Prevent automatic updates from being performed on the application.

Some updates cannot be managed by Policies. These can be managed manually under the columns 'Others' and 'Uncategorized'.

Windows Updates

Windows Updates can be manually installed or automatically. This can be configured in your Policy if, for example, you do not wish to have Faronics Deploy automatically download and install the updates; you can check the Do not manage windows updates box.

Automatic updates are listed by type with the option to Automatic Install, Set the "Automatically Install" Defferal number of deferral days for the Automatic Install (0 Days is the default), or set the update to be Denied.

Windows Updates Configuration

Windows Updates Configuration

Description

Do Not Manage Windows Updates

Choose this if you don't want to update Windows via Faronics Deploy.

Automatic Install

Allow Faronics Deploy to handle the Windows Updates automatically.

"Automatically Install" Deferral

The number of days that the user can delay a Windows Update

Denied

Prevent individual updates from being installed.

Global Settings for All Windows Updates

Settings for all Windows Updates

Description

Allow user to defer reboot (if required) up to 5 times

Delay a system reboot post update from 0-5 times.

Force auto reboot prior to installation if user is logged in

If selected and if the user is logged in, a system reboot will be mandatory before installing any Windows Updates.

Download and keep Windows Update ready when available

If selected, when an update becomes available, it will be downloaded and ready to install regardless of the update being set to automatic or manual.

Patch Scan Frequency

Select how often to check for Windows Patches every 6, 12, or 24 hours.

Windows 10 Additional Settings

Windows 10 Additional Settings

Description

Choose When Updates are Installed

Choose the branch readiness level to determine when feature updates are installed.

Semi Annual Channel (Targeted) - Ready for most people.

Semi Annual Channel - Ready for widespread use in organizations.

Feature Update Deferral

A feature update includes new capabilities and improvements. You can choose how many days you would like to defer it, up to 365 days.

Quality Update Deferral

A quality update includes security improvements. You can choose how many days you would like to defer it, up to 30 days.

Anti-Virus

Anti-Virus can be enabled/disabled and configured in the Policy.

Anti-Virus Settings

Anti-Virus Settings

Options

Description

Enable Active Protection

Activate real-time protection for all computers using this Policy. Note: Make sure there is no real-time protection software is running on the computers. This includes third-party antivirus applications.

Allow user to switch off Active Protection

User can disable the active protection.

Show Active Protection Alert

Display the active protection alert when a real-time scan issue occurs.

Cleanup Action

Cleanup Action

Options

Description

Default Action for Infected Files

Clean/Quarantine

When a threat is detected, attempt to disinfect the file and quarantine if unsuccessful.

Clean/Delete

When a threat is detected, attempt to disinfect the file and delete it if unsuccessful.

Delete items from Quarantine older than

number of days

Enter the number of days after which to delete files from quarantine, between 1 and 365.

Scan Schedule

Enable/Disable the Quick Scan and Deep Scans here. The schedule can also be edited, configuring the Start time, Stop when the scan is complete (or at a specified time), days of the week to run the scan on. To configure a scan schedule, select the edit option to the right of it.

Scan Schedule Settings

Options

Description

Enable

Disable by unchecking

Check the box to enable the Scan Configuration.

Start

Time at which the scheduled scan will begin.

Stop

When scan is complete.

Allow the scan to finish completely.

At specified time.

Stop the scan at a specific time.

Days of the week

Set the days of the week for the scan to run.

Scan Options

Scan Options

Options

Description

Randomize schedule scan start time by (2) minutes

Set the number of minutes by which to randomly change the virus scan start time. Default is set to 2 minutes.

If scan is missed

Do not perform quick scan.

Skip the quick scan.

Perform quick scan approximately (5) minutes after start-up.

Start the quick scan at the specified interval after starting up the computer. Default is set to 5 minutes.

Prompt user to perform quick scan.

Alert the user that the scan was missed and suggest performing the scan now.

Advanced Options

Advanced Options

Description

Enable rootkit detection

Detect malware toolkits (rootkits) when scanning. Available for Deep System and Custom configuration only. Deep system scan is enabled by default.

Scan inside of archives

Scan the contents of archive files (e.g., .zip .tar files). Available for Deep System and Custom configuration only, file size limit can be set, default is 100MB.

Exclude removable drives

Don't scan external hard drives in the scan. Only available for Deep System scans.

Scan registry

Include the registry of the system in the scan. Available for Quick, Deep System, and Custom scans. Quick and Deep system scans are enabled by default.

Scan running processes

Include processes that are running in the scan. Available for Quick, Deep, and Custom scans. Quick and Deep system scans are enabled by default.

Scan Exception

Specify the files or folders that are known to be safe. By adding the files or folders, Faronics antivirus will not report the files as malicious or infected. The list displays the items that will not be reported as a virus.

USB Devices

USB Devices

Options

Description

Scan USB drives Upon Insertion

Interrupt active scan for USB scan (please note the interrupted scan will not resume).

Stop a scan that is being performed when a USB drive gets inserted into a machine.

Do not perform a scan if another scan is in progress (the USB device will not be scanned automatically and must be scanned manually once the ongoing scan is complete).

Don't interrupt a scan if one is already running regardless if a USB drive gets inserted.

Suppress USB scan in progress dialogue

Enable/Disable this to hide or include USB scan in the progress dialogue.

Remove Anti-Virus

Remove Anti-Virus from all computers on this Policy.

Firewall Settings and Rules

Firewall Protection Settings

Firewall Protection Settings

Options

Description

Enable Firewall Protection

Firewall protection prevents hackers or malicious software from gaining access to your computer.

Allow user to disable firewall.

Checking this box disables the firewall.

Enable firewall logging.

Checking this box enables logs to be generated and stored by the firewall.

Program Rules

Program Rules define the action taken by the firewall on the network activity to and from the application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.

Network Rules

Network Rules define the action taken by the firewall on the network activity. Network Rules can be edited but cannot be deleted.

Advanced Rules

Advanced Rules are processed in the order in which they are listed. Pre-defined Advanced Rules are generated for you. Any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules.

Trusted Zones

Trusted Zones specify computers, networks, and IP addresses that are safe. Trusted Zone and Internet (Non-Trusted) can be treated differently by Application and Network Rules.

Computer Settings

User Action

User Action

Options

Description

Show taskbar icon

Display the Anti-Virus taskbar icon if selected.

Allow manual scanning

Provides the user with the option to manually scan for viruses if selected.

Allow user to take action on scan results

Provides the user with the option to take action on the scan results if selected.

Allow user to abort scan initiated locally

Provides the user the option to stop a scan that is running from their computer locally.

Cache Server

Cache Server

Options

Description

Use Anti-Virus Cache Server

Enable at least one computer as an AV cache server from the Control Grid Action Toolbar to enable the Faronics Deploy Anti-Virus Cache Server.

Server Name

Select the name of the computer which will become the Faronics Deploy Anti-Virus Cache Server.

Server IP

Enter the IP Address of the server which will become the Faronics Deploy Anti -Virus Cache Server.

Windows Security Center

Windows Security Center

Description

Integrate Into Windows Security Center

Allow the Faronics Deploy Anti-Virus to integrate with the Windows Security Center.

Log Actions

Log Actions

Description

Enable

All Deploy Anti-Virus to generate logs.

Anti-Virus is an add-on that requires a license that is not included with the Deploy Faronics license. See .

Applications
Windows Updates
Anti-Virus
Setup User Profile and Organization Setting