2.5.4.1. Creating a Policy

Create a policy to apply to the agent / In the case of using unauthorized program measures

Create a policy to apply to the Agent.
A policy lets you manage the settings of the various security functions collectively.
The easiest way to start is to create a policy that uses the standard policy prepared for the OS type as its base.
When servers are protected with the Agent, the security settings must be distributed from the management server.
These security settings are managed as policies on the management server.
The following are examples of the unit at which policies can be managed.
  • Create a separate policy for each individual server.

  • Create a group for each server application and type, manage multiple servers in groups, and create policies.


Policies can also be customized from the default policy that the vendor created for the operating system. Using the default policy created for the OS has the following advantages and disadvantages.

Advantages

  • If the same settings apply to multiple servers, creating them as common settings makes management and editing easier.

  • Because setting values can be switched by changing the policy, temporary setting changes are easy to implement.

  • In an environment that uses intrusion prevention, when rules are distributed by the vendor, the rules that the vendor determines are included in the default policy for the OS. A policy created from the OS policy therefore has the added rules applied automatically, and can respond to a new threat once the settings are reflected.

Disadvantages

  • Because intrusion prevention rules are applied forcibly, rules that the server does not need may also be applied. Releasing unnecessary rules and maintaining individual settings takes time and effort.

  • When multiple computers are managed with one policy, unnecessary settings may be assigned.
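
The trade-off above can be seen in a small model of policy inheritance. This is an added example, not the product's code or API; the `Policy` class, its fields and the rule names are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Policy:
    """Simplified model of policy inheritance; not the product's data model."""
    name: str
    parent: Optional["Policy"] = None
    assigned: set = field(default_factory=set)    # rules assigned at this level
    unassigned: set = field(default_factory=set)  # inherited rules released here
    inherit: bool = True                          # False: ignore the parent's rules

    def effective_rules(self) -> set:
        """Rules enforced on every server that uses this policy."""
        inherited = set()
        if self.parent is not None and self.inherit:
            inherited = self.parent.effective_rules()
        return (inherited | self.assigned) - self.unassigned

    def unneeded_rules(self, needed: set) -> set:
        """Enforced rules that the server's applications do not need."""
        return self.effective_rules() - needed


def demo() -> dict:
    # Constructed rule names; a real deployment would use the vendor's rule IDs.
    base = Policy("base-os", assigned={"ips-web", "ips-smb"})
    web = Policy("web-servers", parent=base)        # duplicated from the OS policy
    standalone = Policy("av-only", parent=base, inherit=False)

    base.assigned.add("ips-new-threat")             # vendor distributes a new rule
    result = {
        "web_after_update": web.effective_rules(),  # advantage: applied automatically
        "standalone": standalone.effective_rules(), # inheritance off: nothing arrives
        "web_unneeded": web.unneeded_rules({"ips-web", "ips-new-threat"}),
    }
    web.unassigned |= result["web_unneeded"]        # disadvantage: per-policy upkeep
    result["web_tuned"] = web.effective_rules()
    return result


if __name__ == "__main__":
    for key, rules in demo().items():
        print(f"{key}: {sorted(rules)}")
```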



2.5.4.1.1. Create a policy to apply to the agent

A policy is created by duplicating the base OS policy.

  1. Select the Policies tab from the menu tabs, then click Policies in the left pane. The following screen is displayed:
    policytab

  1. Right-click a specific policy in the displayed pane, then click Duplicate from the menu, as below:
    copypolicy

  1. As pictured below, the duplicated policy is displayed as "Windows Server 2008 ('OS Version')_2".
    copiedpolicy

  1. Right click on the duplicated policy and select "Details" from the menu.
    copiedpolicy

  1. Set up the following items.
    1. Select On or OFF for respective functions.

    2. Make sure to select the Base OS.

    3. The Base OS name becomes the management name of the policy. We recommend giving it a name that makes it easy to manage.

    4. You can make advanced settings for each function by opening the items displayed in the pane.

    policyproperty

  1. Click Save.

  1. Once the duplicated policy has been created, the following screen is displayed. If Windows Server 2008 ('OS version')_2 appears directly under the base OS (Windows Server 2008) in the pane, at "Inherited", the policy has been duplicated successfully.
    policycreated


2.5.4.1.2. In the case of using unauthorized program measures

2.5.4.1.2.1. Specifying the Base Policy

When creating a policy that uses anti-malware protection only, it is not necessary to select the parent policy (OS) in "Inheritance".
Because anti-malware is not a function that uses rules, rule updates from Trend Micro do not need to be reflected in such a policy.
Anti-malware protection requires configuration and exclusion settings for the various scans. It is recommended to create these settings for each policy.

2.5.4.1.2.2. Setting up Respective Scans

For anti-malware protection, settings can be configured for each type of scan (real-time, manual, scheduled).
By default, a policy created according to "Create a policy to apply to the agent" already has the following scan settings prepared.
It is therefore necessary to configure the scan settings to suit the created policy.

  1. From the properties of the created policy, click "Anti-Malware" in the pane.

  1. Select a scan to configure.
    policyproperty

  1. Turn "Inheritance" off.
    (When it is turned on, changes made to the settings of the parent policy are inherited. Decide whether to inherit the settings according to the customer's configuration policy.)
  2. Select New in the relevant scan settings list, as below:
    policyproperty

  1. When New Malware Scan Configuration is displayed, enter the respective setting values.
    1. In "Name", enter the policy name and management name that use this setting, and in the description, enter management information and the like. Including the purpose (real-time, scheduled, etc.) in the name makes it easier to manage.
    2. "Scan Settings" lets you set the directories and files to scan. If you scan specific directories or file extensions, select the items and then create the respective lists.
    newscan

  1. Double-click Exclusions and set up the scan exclusions.
    Tick the check box of each relevant item to set it as a scan exclusion, then select "New" from the list.
    scanexception

  1. After the scan exclusion settings properties are displayed, enter the same values as the default settings, then click "OK".
    1. In "Name", enter the policy name and management name that use this setting, and in the description, enter management information and the like. Including the purpose (real-time, scheduled, etc.) in the name makes it easier to manage.
    2. Enter the scan exclusion settings, referring to "Support Format". For further details, see the online help.
    scanexception

  1. Click the "Option" tab to set up the "Search".
    1. Change the search settings in "General Options". It is desirable to adjust these settings to suit the environment and operation.
    2. To have an alert raised when an event occurs, tick the check box "When on, this malware scan configuration logs an event" under Alert, as below:
    options