2.2.2.1. Policy details

MetaAccess offers well beyond basic compliance checks to ensure with the highest degree of confidence that your endpoints are secure. In addition to standard compliance checks such as OS level, Security Software installed and configured correctly, Encryption, Password and Firewall settings, MetaAccess has functionality to check for vulnerability and patch management, manage potentially unwanted applications, multi-engine anti-malware scanning, removable media protection, anti-keylogger and screen capture protection. MetaAccess provides the most comprehensive check in the industry.

Settings

Define actions you would like the client performs on devices

  • Advanced Malware Detection: protect your devices from risky removable media and schedule a malware scan on devices. Learn more

images/download/attachments/8456927/image2021-1-11_15-8-27.png

Monitoring issues on devices

Note: even you don't enable a category on a policy, OPSWAT Client still collects all information related to that category today

You can define how to consider an issue and severity of each issue on devices for Vulnerabilities, Compliance, Unwanted Applications, Malware Detection. You can also select the device types (Desktops, laptops, Virtual Machines, and Servers) these policies are applied to as well as by Operating System type (Windows, macOS, Linux, Android, and iOS)

images/download/attachments/8456927/image2021-1-11_15-7-19.png

Configuring device compliance status based on facts

Click on the Rules to define rules for device status based on device issues and other conditions.

  • You can edit existing device status rules

  • OR Add/Remove device status rules. Note that you cannot delete the default rule. It's a fallback rule in case a device doesn't meet any rules you define.

    images/download/attachments/8456927/image2021-1-11_15-5-30.png

Notes:

  • MetaAccess processes rules by order. If a device meets a rule (must to meet all conditions defined in that rule), it will get device status in that rule.

For example: a policy has 4 rules below:

images/download/attachments/8456927/image2020-3-7_10-25-59.png

Case 1: my device reported with no issues and has not checked in 25 hours.

Device status: the device is considered as non-compliant with Rule #1

Case 2: my device reported with no issue 5 minutes ago

Device status: the device is considered as compliant with Rule #2