Policies (Windows)
Policy description and usage on Windows computers.
A Policy configuration can control the Application Updates, Application Version Freezing, Application Shortcuts, Windows Updates, and Anti-Virus Scans.
The tables below describe the configurable features and settings for Applications, Windows Updates, and Anti-Virus settings within Policies.
Policies are used to automate, schedule, or version freeze application updates. Multiple Policies can be created and assigned to different groups of computers.
Application Policy Configuration Options | Description |
Automatic Update | Update the application whenever an update is available. |
Manual Update | Do not automatically update the application. |
Schedule Update | Set a time and date to run an application update. |
Version Freeze | Prevent any further updates from being downloaded and uninstalled for this application. |
Disable Shortcuts | Shortcuts will no longer be useable, but the application can still be accessed via the Windows Start Menu and File Manager. |
Disable Auto Update | Prevent automatic updates from being performed on the application. |
Some updates cannot be managed by Policies. These can be managed manually under the columns 'Others' and 'Uncategorized'.
Windows Updates can be manually installed or automatically. This can be configured in your Policy if, for example, you do not wish to have Faronics Deploy automatically download and install the updates; you can check the Do not manage windows updates box.
Automatic updates are listed by type with the option to Automatic Install, Set the "Automatically Install" Defferal number of deferral days for the Automatic Install (0 Days is the default), or set the update to be Denied.
Windows Updates Configuration | Description |
Do Not Manage Windows Updates | Choose this if you don't want to update Windows via Faronics Deploy. |
Automatic Install | Allow Faronics Deploy to handle the Windows Updates automatically. |
"Automatically Install" Deferral | The number of days that the user can delay a Windows Update |
Denied | Prevent individual updates from being installed. |
Settings for all Windows Updates | Description |
Allow user to defer reboot (if required) up to 5 times | Delay a system reboot post update from 0-5 times. |
Force auto reboot prior to installation if user is logged in | If selected and if the user is logged in, a system reboot will be mandatory before installing any Windows Updates. |
Download and keep Windows Update ready when available | If selected, when an update becomes available, it will be downloaded and ready to install regardless of the update being set to automatic or manual. |
Patch Scan Frequency | Select how often to check for Windows Patches every 6, 12, or 24 hours. |
Windows 10 Additional Settings | Description |
Choose When Updates are Installed | Choose the branch readiness level to determine when feature updates are installed. Semi Annual Channel (Targeted) - Ready for most people. Semi Annual Channel - Ready for widespread use in organizations. |
Feature Update Deferral | A feature update includes new capabilities and improvements. You can choose how many days you would like to defer it, up to 365 days. |
Quality Update Deferral | A quality update includes security improvements. You can choose how many days you would like to defer it, up to 30 days. |
Anti-Virus can be enabled/disabled and configured in the Policy.
Anti-Virus is an add-on that requires a license that is not included with the Deploy Faronics license. See Setup User Profile and Organization Setting.
Anti-Virus Settings | Options | Description |
Enable Active Protection | Activate real-time protection for all computers using this Policy. Note: Make sure there is no real-time protection software is running on the computers. This includes third-party antivirus applications. | |
Allow user to switch off Active Protection | User can disable the active protection. | |
Show Active Protection Alert | Display the active protection alert when a real-time scan issue occurs. |
Cleanup Action | Options | Description |
Default Action for Infected Files | Clean/Quarantine | When a threat is detected, attempt to disinfect the file and quarantine if unsuccessful. |
Clean/Delete | When a threat is detected, attempt to disinfect the file and delete it if unsuccessful. | |
Delete items from Quarantine older than | number of days | Enter the number of days after which to delete files from quarantine, between 1 and 365. |
Enable/Disable the Quick Scan and Deep Scans here. The schedule can also be edited, configuring the Start time, Stop when the scan is complete (or at a specified time), days of the week to run the scan on. To configure a scan schedule, select the edit option to the right of it.
Scan Schedule Settings | Options | Description |
Enable | Disable by unchecking | Check the box to enable the Scan Configuration. |
Start | Time at which the scheduled scan will begin. | |
Stop | When scan is complete. | Allow the scan to finish completely. |
At specified time. | Stop the scan at a specific time. | |
Days of the week | Set the days of the week for the scan to run. |
Scan Options | Options | Description |
Randomize schedule scan start time by (2) minutes | Set the number of minutes by which to randomly change the virus scan start time. Default is set to 2 minutes. | |
If scan is missed | Do not perform quick scan. | Skip the quick scan. |
Perform quick scan approximately (5) minutes after start-up. | Start the quick scan at the specified interval after starting up the computer. Default is set to 5 minutes. | |
Prompt user to perform quick scan. | Alert the user that the scan was missed and suggest performing the scan now. |
Advanced Options | Description |
Enable rootkit detection | Detect malware toolkits (rootkits) when scanning. Available for Deep System and Custom configuration only. Deep system scan is enabled by default. |
Scan inside of archives | Scan the contents of archive files (e.g., .zip .tar files). Available for Deep System and Custom configuration only, file size limit can be set, default is 100MB. |
Exclude removable drives | Don't scan external hard drives in the scan. Only available for Deep System scans. |
Scan registry | Include the registry of the system in the scan. Available for Quick, Deep System, and Custom scans. Quick and Deep system scans are enabled by default. |
Scan running processes | Include processes that are running in the scan. Available for Quick, Deep, and Custom scans. Quick and Deep system scans are enabled by default. |
Specify the files or folders that are known to be safe. By adding the files or folders, Faronics antivirus will not report the files as malicious or infected. The list displays the items that will not be reported as a virus.
USB Devices | Options | Description |
Scan USB drives Upon Insertion | Interrupt active scan for USB scan (please note the interrupted scan will not resume). | Stop a scan that is being performed when a USB drive gets inserted into a machine. |
Do not perform a scan if another scan is in progress (the USB device will not be scanned automatically and must be scanned manually once the ongoing scan is complete). | Don't interrupt a scan if one is already running regardless if a USB drive gets inserted. | |
Suppress USB scan in progress dialogue | Enable/Disable this to hide or include USB scan in the progress dialogue. |
Remove Anti-Virus from all computers on this Policy.
Firewall Protection Settings | Options | Description |
Enable Firewall Protection | Firewall protection prevents hackers or malicious software from gaining access to your computer. | |
Allow user to disable firewall. | Checking this box disables the firewall. | |
Enable firewall logging. | Checking this box enables logs to be generated and stored by the firewall. |
Program Rules define the action taken by the firewall on the network activity to and from the application. Program Rules have priority over the default rules. Default rules can be edited but cannot be deleted.
Network Rules define the action taken by the firewall on the network activity. Network Rules can be edited but cannot be deleted.
Advanced Rules are processed in the order in which they are listed. Pre-defined Advanced Rules are generated for you. Any user-defined advanced rules will take precedence over the Pre-defined Advanced Rules.
Trusted Zones specify computers, networks, and IP addresses that are safe. Trusted Zone and Internet (Non-Trusted) can be treated differently by Application and Network Rules.
User Action | Options | Description |
Show taskbar icon | Display the Anti-Virus taskbar icon if selected. | |
Allow manual scanning | Provides the user with the option to manually scan for viruses if selected. | |
Allow user to take action on scan results | Provides the user with the option to take action on the scan results if selected. | |
Allow user to abort scan initiated locally | Provides the user the option to stop a scan that is running from their computer locally. |
Cache Server | Options | Description |
Use Anti-Virus Cache Server | Enable at least one computer as an AV cache server from the Control Grid Action Toolbar to enable the Faronics Deploy Anti-Virus Cache Server. | |
Server Name | Select the name of the computer which will become the Faronics Deploy Anti-Virus Cache Server. | |
Server IP | Enter the IP Address of the server which will become the Faronics Deploy Anti -Virus Cache Server. |
Windows Security Center | Description |
Integrate Into Windows Security Center | Allow the Faronics Deploy Anti-Virus to integrate with the Windows Security Center. |
Log Actions | Description |
Enable | All Deploy Anti-Virus to generate logs. |
Last modified 2yr ago