Set temporary Policy settings
At times, you may need to harden or relax the security on some hosts temporarily for a time duration/window. In such cases, use the temporary Policy settings feature to apply and push a temporary set of Policy settings to hosts. Policy settings here refer to the 'General' Policy settings for Host policies - Whitelist, Blacklist, Rule Rings, File Protect, USB Protect, and AutoTrust. The General settings for Host policies define how Application Control and File Protect rules and USB Protect and AutoTrust settings work on the hosts.
-
Temporary Policy settings are applied at the level of a host and not a group. You can apply a set of temporary Policy settings to One or multiple hosts in One single action.
-
A set of temporary Policy settings can be applied to hosts from different OS families.
-
Temporary Policy settings can be applied from an hour and for up to 24 hours. After the time window, the settings automatically revert to the inherent Policy settings.
-
Temporary Policy settings are immediately pushed to a host if the host is reachable to the Xprotect instance (Online). Otherwise, the settings are applied when the unreachable host is Online.
For hosts that become Online after applying the temporary Policy settings, the countdown timer for the time window starts only after the temporary settings are applied.
-
User policies on the hosts inherit the Host policy enforced on the hosts.
Use cases
A deviation from the inherent Policy settings may be needed to (but not limited to):
-
Pause the enforced Rule Rings rules on hosts from multiple Windows-based groups to allow upgrade and patching processes to run over network connections.
-
Pause USB Protect on server hosts, to run utilities and copy files between USB devices and hosts.
-
Make Whitelist rules Active for guest access on hosts and monitor policy violations.
Temporary Policy settings override the inherent Policy settings for the rules and settings of the policy on a host. We highly recommend that you understand and evaluate the nature of the rules and security settings of the policy and decide if you can deviate from the inherent settings without undesirable results during the temporary settings' time window.
Add new set of temporary Policy settings
The defaults for a set of temporary Policy settings are that all the settings are Paused. So, ensure that you set the required settings before you save and apply the temporary settings.
The restrictions with temporary Policy settings are that you cannot enforce Whitelist and Blacklist rules and set the access controls for USB Protect.
-
Go to Hosts.
-
Select One or multiple hosts.
-
Click Set Temporary Policy (in the floating panel on the top).
-
From the Settings drop-down list in the Set Temporary Policy settings fly panel, click Add New Setting.
-
Enter a name for the new set of settings.
-
Set the settings to Active or Paused.
-
Click Save.
Set temporary Policy settings
If you apply multiple sets of temporary Policy settings to a host, only the latest set is Active on the host.
-
Select One or multiple hosts.
-
Click Set Temporary Policy (in the floating panel on the top).
-
From the Settings drop-down list In the fly panel, select a set of temporary Policy settings.
-
From the Duration drop-down list, select a duration. You can select from an hour and up to 24 hours.
-
Click Apply.
Verify temporary Policy Settings
You can verify if the set of temporary Policy Settings have been applied from the Xprotect UI.
|
|
Remove temporary Policy settings
You can restore the inherent Policy settings on the hosts when the temporary Policy settings window is active. Ensure that the hosts are Online during the restore. Also, you may have to select hosts One-by-One or based on common temporary Policy settings to restore the inherent settings.
-
Select One or multiple hosts, click Set Temporary Policy, and click Remove Temporary Policy Settings (in the fly panel).