Security Management Server - AdminHelp v9.
Table of Contents Welcome ......................................................................................................................... 1 About the Online Help System ............................................................................................ 1 Attributions, Copyrights, and Trademarks .............................................................................. 1 Get Started ........................................................................................................
Table of Contents Disconnected Mode ......................................................................................................... 21 Client Activation ......................................................................................................... 22 Remote Management Console ......................................................................................... 22 Functionality ...........................................................................................................
Security Management Server - AdminHelp v9.8 Domains ................................................................................................................... 36 Domains ................................................................................................................ 36 Add a Domain ....................................................................................................... 36 Users ...........................................................................................
Table of Contents Add a User by Domain ............................................................................................. 48 Remove Users .......................................................................................................... 49 Find Users .............................................................................................................. 49 Deactivate/Suspend Users ...........................................................................................
Security Management Server - AdminHelp v9.8 Add Endpoints to an Admin-Defined Endpoint Group ......................................................... 63 Remove Endpoints from an Admin-Defined Endpoint Group ................................................ 64 Endpoints ................................................................................................................. 64 Endpoints ...............................................................................................................
Table of Contents Suspend a Server Encryption Client ............................................................................. 80 Reinstate a Suspended Server Encryption Client .............................................................. 80 Commands for Self-Encrypting Drives ............................................................................. 81 Priority of Commands for Self-Encrypting Drives ............................................................. 81 Allow PBA Login Bypass ............
Security Management Server - AdminHelp v9.8 Commit Policies ........................................................................................................ 103 Log Analyzer ............................................................................................................ 103 Recovery ................................................................................................................ 104 Recover Data - Encryption External Media Authentication Failure ...........................
Table of Contents Notification Management ............................................................................................. 114 Notification Management .......................................................................................... 114 Enable SMTP Server for Email Notifications .................................................................... 114 NotificationObjects.config ...................................................................................... 114 Notification.
Security Management Server - AdminHelp v9.8 Encryption Rules ....................................................................................................... 166 Protected Directories .............................................................................................. 167 Modifiers – What they are and what they do ................................................................... 169 Using the Override Modifier ...............................................................................
Table of Contents Policies Set by Application Control ................................................................................. 229 Advanced Threat Events tab fields and filters .................................................................... 230 Manage Enterprise Advanced Threats - Protection ............................................................... 230 Threats ...............................................................................................................
Security Management Server - AdminHelp v9.8 Cloud Profile Update .................................................................................................. 260 Set Policies to Protect Office Documents in Windows ........................................................... 260 Set Policies for Protected Office Documents ................................................................... 260 Determine Impact on Windows Users for Opt-in or Force Protected Modes ...............................
Welcome About the Online Help System Version: 9.8 Attributions, Copyrights, and Trademarks Dell Encryption is a trademark of Dell Inc. Protected by one or more U.S. Patents, including: Number 7665125; Number 7437752; and Number 7665118. The software described in this help system is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Third Party Software I. OpenSSL License - Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved.
Welcome PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ==================================================================== This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
Security Management Server - AdminHelp v9.8 IV. Portions of this product use Apache Wink. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. V. Portions of this product use Jackson JSON. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. VI. Portions of this product use Jetty. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. VII. Portions of this product use ActiveMQ.
Welcome XX. Portions of this product make use of Apache xmlrpc, Apache Software Foundation. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0.txt. XXI. Portions of this product make use of Bean Scripting Framework (http://commons.apache.org/bsf/), Apache License, Version 2.0, January 2004 http://commons.apache.org/license.html. Portions of this product make use of Apache Commons CLI (http://commons.apache.org/cli/), XXII. Apache License, Version 2.
Security Management Server - AdminHelp v9.8 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
Welcome The following copyright notices are retained when present, and conditions provided in accompanying permission notices are met : o Copyright 1994 Hewlett-Packard Company - Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation.
Security Management Server - AdminHelp v9.8 A. LEGAL NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $. Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995. Software written by Ian F. Darwin and others; maintained 1994Christos Zoulas. This software is not subject to any export provision of the United States Department of Commerce, and may be exported to any country or planet.
Welcome LVII. Portions of this product use Newtonsoft JSON 9.0.1. You may obtain a copy of the license at https://raw.githubusercontent.com/JamesNK/Newtonsoft.Json/master/LICENSE.md. Portions of this product use NT Security Classes for .NET. You may obtain a copy of the license at LVIII. http://www.codeproject.com/info/cpol10.aspx. LIX. Portions of this product use Prism Core 6.1. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. LX. System.IdentityModel.Tokens.Jwt 4.0.2.
Security Management Server - AdminHelp v9.8 LXXVIII. Portions of this product use Scribe OAuth Library 1.3.0. You may obtain a copy of the license at http://opensource.org/licenses/MIT. LXXIX. Portions of this product use JSON Web Token Support for the JVM 0.6.0. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. LXXX. Portions of this product use OneDrive SDK Android 1.2.2. You may obtain a copy of the license at http://opensource.org/licenses/MIT. LXXXI.
Welcome XCIX. Portions of this product use Box iOS SDK 1.0.11. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. C. Portions of this product use CT Assets Picker Controller 2.9.5. You may obtain a copy of the license at http://opensource.org/licenses/MIT. CI. Portions of this product use Google API Objective C Client 1.0.422. You may obtain a copy of the license at http://www.apache.org/licenses/LICENSE-2.0. CII. Portions of this product use Google GTM HTTP Fetcher 1.0.141.
Get Started Get Started with Dell Data Security • Once your environment has been configured in the Server Configuration Tool, ensure that Dell Services are started. • Log in to the Remote Management Console. • Add Client Access Licenses, as needed. • Add Domains from your directory server. • If you require that users receive non-default policies upon activation, modify policies at the appropriate level. • Add Groups and Users, as necessary. • Assign Administrators, as necessary.
Get Started • Click the gear icon in the top right corner of the Remote Management Console and select Log out from the drop-down menu. Dashboard The Dashboard displays an overview of status information for your enterprise. You can access more detailed information directly from the Dashboard by clicking its statistics, graphs, and chart legends. The images below reflect what you may see in the Dashboard.
Security Management Server - AdminHelp v9.8 Note: An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are newly detected as potentially unsafe files or programs and require guided remediation.
Get Started Start Services Start the following Services: • Dell Compatibility Server • Dell Compliance Reporter • Dell Console Web Services • Dell Core Server • Dell Device Server • Dell Key Server • Dell Message Broker • Dell Policy Proxy • Dell Security Server 14
Security Management Server - AdminHelp v9.8 From the Service Panel: 1. Click Start > Run. Type services.msc and click OK. 2. In the Services (Local) window, highlight Dell Compatibility Server. Right-click the entry and select Start. 3. Continue in the manner above until all Dell Services are started. 4. Close the Services window. To stop Services, see Stop Services. Stop Services You may find it necessary to shut down the Services to run backups or perform other system maintenance.
Get Started 1. In the masthead at the top of the screen, click the gear icon and select Change superadmin password. 2. Enter the Current Password. 3. Enter the New Password. The new password must be at least 6 characters, contain at least one capital letter and one of these characters: ~@#$%^*()|?!{}[]. 4. Confirm the New Password. 5. Click Update. NOTE: After three failed login attempts, the superadmin account is locked for five minutes.
Components Remote Management Console The Remote Management Console allows administrators to monitor the state of endpoints, policy enforcement, and protection across the enterprise. For increased security, the Remote Management Console separates administrator duties into administrator roles. For example, the Security Administrator can change and commit security policies for the entire enterprise, groups of users, or individual users. The Remote Management Console has the following features.
Components Architecture with Encryption Enterprise for Windows/Manager Default Port Values Internal: Active Directory communication: TCP/389 Email communication (optional): 25 To Front End (if needed): Communication from external Dell Policy Proxy to Dell Message Broker: TCP/61616 and STOMP/61613 Communication to Back End Dell Security Server: HTTPS/8443 Communication to Back End Dell Core Server: HTTPS/8888 and 9000 Communication to RMI ports - 1099 Communication to Back End Dell Device Server: HTTP(S)/84
Security Management Server - AdminHelp v9.8 Dell Compatibility Server: TCP/1099 Dell Compliance Reporter: HTTP(S)/8084 (automatically configured at installation) Dell Core Server: HTTPS/8888 and 9000 (8888 is automatically configured at installation) Dell Device Server: HTTP(S)/8081 - If your Dell Server is pre-v7.7/8443 - If your Dell Server is v7.
Components to communicate with the Security Server (or Security Server Proxy) on port 8443. The full Device Server is not installed in v8.1. The Device Server Proxy forwards all communications to the Security Server behind the firewall. Policy Proxy Policy Proxy serves as intermediary between the Security Management Server and the Encryption client, delivering information from each to the other.
Navigate the Dell Server Navigation The Remote Management Console is a central control center that the administrator can use to deploy and monitor Dell Security for the enterprise. It consists of security and configuration settings that are applied through policy to groups called Populations. The menu pane allows you to access the following: Dashboard The Remote Management Console opens to the Dashboard.
Navigate the Dell Server Server to manage clients without Internet connection or a provisioned and hosted Advanced Threat Prevention service. The Dell Server captures all event and threat data in Disconnected mode. To determine if a Dell Server is running in Disconnected mode, click the gear icon at the top right of the Remote Management Console and select About. The About screen indicates that a Dell Server is in Disconnected mode, below the Dell Server version.
Security Management Server - AdminHelp v9.8 Dashboard The Dashboard displays an overview of status information for your enterprise. You can access more detailed information directly from the Dashboard by clicking its statistics, graphs, and chart legends. The images below reflect what you may see in the Dashboard. Content may vary based on the features installed and enabled on your Dell Security Management Server and endpoints.
Navigate the Dell Server Note: An Advanced Threat Prevention event is not necessarily a threat. An event is generated when a recognized file or program is quarantined, safe listed, or waived. Threats are a category of events that are newly detected as potentially unsafe files or programs and require guided remediation.
Security Management Server - AdminHelp v9.8 Notifications List The Notifications list provides a configurable summary of news, alerts, and events to display on the Dashboard or to be sent as email notifications. For more information, see Dashboard Field Descriptions and Notification Management. Notification Types You can select the notification types to include in the list. Notifications of the remaining types are hidden. Types include: Update - News of upcoming product updates.
Navigate the Dell Server Announcement - News of upcoming releases and new products. License - Alerts when your volume license availability is low, or when your client access license count has been exceeded. Threat Protection - A threat alert from Advanced Threat Prevention. Advanced Threat Event - An event detected by Advanced Threat Prevention. The summary contains a listing of Critical, Major, Minor, Warning, and Information events, with links to more detailed information.
Security Management Server - AdminHelp v9.8 users, as well as the current device encryption policy and state of the endpoint. On the dashboard's Endpoint Protection Status graph, you can select endpoints by platform, protected endpoints, non-protected endpoints, or all endpoints. See Protected. Shield Inventory Received - The date and time that the inventory was received by the Security Management Server and placed in the queue.
Navigate the Dell Server Web Filter - Includes threats related to web browsing and downloads. Web Protection - Includes threats related to web browsing and downloads. Firewall - Includes suspicious communications related to incoming or outgoing traffic and any attacks. Uncategorized - Lists the number of threats that do not belong in other event counts.
Security Management Server - AdminHelp v9.
Navigate the Dell Server Set to auto run on any device False +0 Detected by Execution Control True +5 Total score 5: High Priority Advanced Threat Prevention Classifications Advanced Threat Prevention can provide details on the static and dynamic characteristics of files. This allows administrators to not only block threats, but also to understand threat behavior in order to further mitigate or respond to threats.
Security Management Server - AdminHelp v9.8 Worm Malware that propagates by copying itself to another device. Code Red, Stuxnet Dual Use Dual Use indicates the file can be used for malicious and non-malicious purposes. Caution should be used when allowing the use of these files in your organization. For example, while PsExec can be a useful tool for executing processes on another system, that same benefit can be used to execute malicious files on another system.
Navigate the Dell Server Adware Technologies that provide annoying advertisements (example: pop-ups) or provide bundled third-party add-ons when installing an application. This usually Gator, Adware occurs without adequate notification to the user about the nature or presence Info of the add-on, control over installation, control over use, or the ability to fully uninstall the add-on. Corrupt Any executable that is malformed and unable to run.
Security Management Server - AdminHelp v9.8 Click a threat to display additional information about the threat. Details display on a new page. Click Devices to view a list of devices that have the largest number of threats. Click a device to display additional information about the device. Details display on a new page. Endpoint Protection History This graph gives a time line snapshot of the past 90 days of the total number of endpoints that are protected and total number that are not protected.
Navigate the Dell Server Endpoint OS Report To access this page, click a platform link on the Dashboard's Summary Statistics. If you click All and the Platform Report page opens, click view in the OS Report column.
Security Management Server - AdminHelp v9.8 ● Endpoints Administrators ● ● ● ● ● ● ● To access the tabs for each Population: Enterprise - Click Populations > Enterprise. Populations other than Enterprise - Click a Population link, then search for or click a Domain, User Group, User, Endpoint Group, Endpoint, or Administrator link. Note: The tabs available for an Administrator may vary, depending on the role.
Navigate the Dell Server 2. Select the Advanced Threats tab. Information about events, devices, and actions are organized on the following tabs: Protection - Lists potentially harmful files and scripts and details about them, including the devices on which the files and scripts are found. Agents - Provides information about devices running the Advanced Threat Prevention client as well as the option to export the information or remove devices from the list.
Security Management Server - AdminHelp v9.8 hostname (for example, ..com) for the enterprise directory server. Port - Enter a port for the directory server. If you do not specify a port, the default port of 389 is used. The secure port, 636, uses an SSL connection instead of clear text. Global catalog ports are 3268 (clear-text) and 3269 (secure). Distinguished Name - This field is populated when you tab from the completed Host Name field or refresh the URL.
Navigate the Dell Server User Groups On the User Groups page, you can add a user group, edit User Group priority or search and select a user group to View or Modify User Group Policies and Information. Add a User Group 1. In the left pane, click Populations > User Groups. 2. On the User Groups page, click Add. 3. Select the type of User Group from the pull-down list: Active Directory User Group or ADMINDEFINED User Group 4. Select a domain from the pull-down list. 5.
Security Management Server - AdminHelp v9.8 3. Click the tab that corresponds with the action you want to perform: Security Policies - To view or modify policies of the Domain, click Security Policies. Details & Actions - To view properties of the Domain, click Details & Actions Members - To view, add, or modify information for Groups and Users within the Domain.
Navigate the Dell Server Add Users to Domain - Allows you to add users by domain Add Group - Allows you to add a user group by domain Select to view the following information about Groups & Users, Users only, or Groups only: User/Group - Each user or user group in the Domain. Click an entry to view details. Distinguished Name CN is the common name, either a user or group name. OU is the organizational unit name, for example, Dallas.
Security Management Server - AdminHelp v9.8 Update Domain - Click to update changes. Domain Key Server This page allows you to view or modify components for use with Kerberos Authentication/Authorization. Account - Enter an account name. Click Add Account, and the entry populates the field below. Select an account in the list, and click Remove Selected. To access the Domain Key Server tab, follow these steps: 1. In the left pane, click Populations > Domains. 2.
Navigate the Dell Server Only User Groups with a Group Scope of Universal are supported for domains that connect through the Global Catalog Port. Remove User Groups 1. In the left pane, click Populations > User Groups. 2. Click a Group Name link or enter a filter to search for available Groups. Note: The wildcard character (*) may be used but is not required at the beginning or end of the text. 3. Select a row to highlight it. 4. At the top, click Delete.
Security Management Server - AdminHelp v9.8 refer to View or Modify User Information. Admin - To view, assign, or modify Administrator Roles assigned to the Group, click Admin. Select or deselect Administrator Roles to modify Administrator Roles assigned to the Group. For more information about privileges available to each Administrator Role, refer to Administrator Roles. 4. If modified, click Save.
Navigate the Dell Server User Group Details & Actions The User Group Details & Actions tab lists the properties of a selected user group. 1. In the left pane, click Populations > User Groups. 2. Search or select a Group Name, then the Details & Actions tab. Remove Group The Remove Group command permanently removes this user group from the Security Management Server. Details: Group Name - Name of the user group (\).
Security Management Server - AdminHelp v9.8 4. Valid CSV requirements: • The file must be in valid CSV format and contain a maximum of 999 endpoints. • The first column must contain valid fully qualified host names. All columns except the first column are ignored. • Only activated endpoints are added to the group. Remove Users from the Group 1. In User Group Detail, search or select a user, then click the box to the left of the User Name. 2. Click Remove Users from Group. 3. Click OK.
Navigate the Dell Server Precedence Ranking The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the Persistent VDI Endpoint Group. Order of priority: 1. Non-Persistent VDI Endpoint Group 2. Persistent VDI Endpoint Group 3. Highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Group 4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Groups 5. Opt-in Endpoint Group 6.
Security Management Server - AdminHelp v9.8 To edit User Group priority: 1. In the left pane, click Populations > User Groups. 2. Click Edit Priority. 3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level. 4. Click Save. Assign or Modify Administrator Roles From the Administrators page, you can view or modify existing Administrator privileges.
Navigate the Dell Server If you remove a Group that has Administrative privileges and later re-add the Group, it remains an Administrator Group. To view, assign, or modify Administrator Roles at the User level, see User Admin.
Security Management Server - AdminHelp v9.8 3. In the Add Users by Domain dialog, select a domain from the pull-down list. 4. In the Full name field, enter the exact text for the user name or use the wildcard character (*). For best results, use non-wild card characters at the beginning of the filter (e.g., User* instead of *ser). 5. Select Common Name, Universal Principal Name, or sAMAccountName from the pull-down list.
Navigate the Dell Server 1. In the left pane, click Populations > Users. 2. Click a User Name link or enter a filter to search for available users. Note: To Search, you can enter Common Name, Universal Principal Name, or sAMAccountName. The wildcard character (*) may be used but is not required at the beginning or end of the text. 3. On the User Detail > Security Policies tab under the Windows Encryption technology group, click the Policy-Based Encryption policy group. 4.
Security Management Server - AdminHelp v9.8 3. Click the tab that corresponds with the action you want to perform: Security Policies - To view or modify policies of the User, click Security Policies. Details & Actions - To view properties of the User, click Details & Actions. Viewable information includes: User Name: User Name (username@organization.com) Distinguished Name: CN=User Name, OU=Dallas, DC=Organization, DC=com Common Name: User Name User Principal Name: username@organization.
Navigate the Dell Server 1. In the left pane, click Populations > Users. 2. Search or select a User Name, then the Endpoints tab.
Security Management Server - AdminHelp v9.8 User Group - Group to which the user belongs Distinguished Name - CN=Group1, OU=Dallas, DC=Organization, DC=com CN is the common name OU is the organizational unit name DC are domain components Common Name - non-technical name of the user group User Admin This page allows you to assign, modify, or view Administrator roles for the user. 1. In the left pane, click Populations > Users. 2. Search or select a User Name, then the Admin tab.
Navigate the Dell Server If you do not know the full Hostname or user email address, scroll through the list of available endpoints to locate the endpoint. 4. Click an endpoint in the list to display the Endpoint Detail. 5. Click the Details & Actions tab of the endpoint for which you want to view information. Issue a User Decryption Policy 1. In the left pane, click Populations > Users. 2. Click a User Name link or search for a user and then click a link to display the User Detail.
Security Management Server - AdminHelp v9.8 3. In the Select the type of Endpoint Group field, select RULE-DEFINED Group, ADMIN-DEFINED Group, or Active Directory Group. 4. In the Group Name field, enter a name for the new Endpoint Group. 5. In the Description field, enter a description for the new Endpoint Group. 6. (For Rule-Defined Groups only) In the Specification field, enter the rule that describes the Endpoint Group. Specifications can be up to 20,000 characters.
Navigate the Dell Server These policy and configuration settings for VDI Endpoint Groups must be configured before VDI client activation: Policy or Setting Persistent VDI Group Non-Persistent VDI setting Group setting Technology Category Windows Encryption Self-Encrypting Drive (SED) Self-Encrypting Drive (SED) Off Off Windows Encryption Hardware Crypto Accelerator (HCA) Hardware Crypto Accelerator (HCA) Off Off Windows Encryption Policy-Based Encryption SDE Encryption Enabled Not Selected
Security Management Server - AdminHelp v9.8 weeks. Persistent endpoints retain the configurations that are set for the VM, until the VM clone pool is removed and rebuilt. Non-persistent endpoints revert to baseline settings after a user logs off. After reverting to A persistent endpoint baseline settings,a nonis dedicated to a single persistent endpoint is user. available for another user. Endpoint Groups Specification To skip to instructions about how to add an endpoint, see Add Endpoint Groups.
Navigate the Dell Server Field Name Description CATEGORY UID Endpoint category: WINDOWS, MAC, SED Mobile Edition is not available for use in the Endpoint Groups feature. Windows hostname DISPLAYNAME OSVERSION OS Fully qualified hostname Operating system version as reported in inventory. We recommend using other available fields, as discrepancies in operating system versions may reduce the usefulness of this field.
Security Management Server - AdminHelp v9.8 OR NOT Logical OR for Boolean expression Logical NOT for Boolean expression The logical operators follow the standard Boolean operator precedence (NOT, AND, OR).
Navigate the Dell Server of ORGANIZATION, called AMERS to represent a domain in America. Additionally we have a 2nd child domain EMEA representing non-American based clients. DISPLAYNAME ENDSWITH “AMERS.ORGANIZATION.COM” This group will contain all clients that are in the AMERS domain according to their FQDN. DISPLAYNAME ENDSWITH “EMEA.ORGANIZATION.
Security Management Server - AdminHelp v9.8 Precedence Ranking The System Defined Non-Persistent VDI Endpoint Group has the highest priority level, followed by the Persistent VDI Endpoint Group. Order of priority: 1. Non-Persistent VDI Endpoint Group 2. Persistent VDI Endpoint Group 3. Highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Group 4. Second and subsequent highest ranked Active Directory/Rule-Defined/Admin-Defined Endpoint Groups 5. Opt-in Endpoint Group 6.
Navigate the Dell Server To edit User Group priority: 1. In the left pane, click Populations > User Groups. 2. Click Edit Priority. 3. Select the row of the appropriate group and drag it to the location in the list of Endpoint Groups that reflects its new priority level. 4. Click Save. View Endpoints in an Endpoint Group This page displays the endpoints included in information for every user of the specified endpoint. 1. In the left pane, click Populations > Endpoint Groups. 2.
Security Management Server - AdminHelp v9.8 Groups. Details & Actions - To view properties of the Group, click Details & Actions. Viewable information includes: Group Name: Group1 (Domain\Group1) Description: The Description provided when the Group was added. (For Rule-Defined groups) Specification: The endpoint group specification that defines endpoints as members of the group. SED Device Control - The SED Unlock command for this endpoint group is carried out in the SED Device Control area.
Navigate the Dell Server 2. Select the group to which to add endpoints. 3. Click the Members tab. 4. Select Add Endpoints to Group, then search for specific endpoints or select endpoints in the list that displays, and click Add Selected Endpoints to Group. OR Select Upload Multiple Endpoints from File, then click Browse to select a CSV file and click Upload. Valid CSV requirements: • The file must be in valid CSV format and contain a maximum of 999 endpoints.
Security Management Server - AdminHelp v9.8 Note: The wildcard character (*) may be used but is not required at the beginning or end of the text. For Windows and Mac, if you know the Hostname of the endpoint, enter it in the Search field. However, you may leave the field blank to display all Windows and Mac endpoints. For Mobile devices, optionally enter the model name or user's email address. 4. Select a row to highlight it. 5. At the top left, click Remove. 6.
Navigate the Dell Server Sync, Effective Policies, and States. You can also recover data from this page. Endpoint Groups - To view a list of Endpoint Groups to which this endpoint belong, click Endpoint Groups. All endpoint belong to at least one endpoint group, the Default Endpoint Group. Threat Events - To view information about threat events on the endpoint, click Threat Events.
Security Management Server - AdminHelp v9.8 Note: Endpoint removal is permanent. Once an endpoint is removed, the action cannot be undone. Details: Windows Category - Windows OS/OS Version - Example: Microsoft Windows 10 Enterprise Processor Serial Number - Manufacturer assigned serial number Unique ID - Dell assigned unique identifier Protected - Date and time stamp Mac Category - Mac OS/OS Version - Example: Mac OS X 10.11.
Navigate the Dell Server Android / 5.0 iPhone OS / 8.
Security Management Server - AdminHelp v9.
Navigate the Dell Server Recovery ID of the specific endpoint Version (core/edition) Activation Method (typically Mandatory) Edition (Dell or Credant) States: Policy Updating: Date and timestamp Device Encryption Updating: Date and timestamp Device Data Encryption On: Date and timestamp Sweep Started: Date and timestamp Sweep Completed: Date and timestamp Inventory Received: Date and timestamp Inventory Processed: Date and timestamp Protected: Protection Status Tab: Disk Name Capacity (storage) Protection S
Security Management Server - AdminHelp v9.8 Partitions - number of partitions the disk has Capacity - capacity of the disk Protection Status - Protected or unprotected Interface - Disk interface (Examples: IDE, SATA) Model - Manufacturer name and model of the disk Click the small black arrow on the left to expand the disk details to view information for each partition of the disk. Logical Disk - The name of the logical disk. ID - The identifying number of the logical disk.
Navigate the Dell Server TPM Services Not Started – In the Enterprise Server Console this is listed as TPM Base Services Failed. It means something is preventing the TPM service from starting as expected. The Manager is not actively enforcing policy related to this plugin, due to this plugin-specific exception. No TPM Device – The TPM device is not present or is not detectable in the indicated computer.
Security Management Server - AdminHelp v9.8 Provisioned Date - Date/time stamp that the client was provisioned. Mobile Device Detail For Mobile devices, once a device is discovered, commands are carried out on this page. Unlike policies and restrictions that are concerned with enforcement, commands are pushed to the device to enable an action.
Navigate the Dell Server Wipe - The Wipe command functions as a “restore to factory state” for the SED drive. The Wipe command can be used to re-purpose a computer or, in an emergency situation, wipe the computer, making the data permanently unrecoverable. When the wipe command is consumed by the client, all history and details about this endpoint are removed from the Security Management Server. Ensure that this is the desired behavior before invoking this command.
Security Management Server - AdminHelp v9.
Navigate the Dell Server Endpoint Users This page displays information for every user of the specified endpoint. The user information differs for each technology group or policy category. 1. In the left pane, click Populations > Endpoints. 2. Search or select a Hostname, then the Users tab.
Security Management Server - AdminHelp v9.8 2. Search or select a Hostname, then the Endpoint Groups tab. Endpoint Threat Events This page lists information on threat events for the selected endpoint. 1. In the left pane, click Populations > Endpoints > Workstation. 2. Search or select a Hostname, then the Threat Events tab.
Navigate the Dell Server The list presents all files that have triggered events found on this device. Columns Icon - An icon appears in this column, when available. Name - File triggering the event. File Paths - The location of the file on the device. Cylance Score - A score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the confidence level that the file is malware. The higher the number, the greater the confidence.
Security Management Server - AdminHelp v9.8 Quarantine Click Quarantine to add the file to the Quarantine list. Quarantining a file will prevent the file from being executed on this device. Note: Quarantining a file will move the file from its original location to the Quarantine directory (C:\ProgramData\Cylance\Desktop\q). Waive Click Waive to allow the file to run on this device. Note: Occasionally, a “good” file could be quarantined or reported.
Navigate the Dell Server Use the following filters to select content to display on the Advanced Threat Events tab: Type - Threat Found, Threat Blocked, Threat Terminated, Memory Violation Blocked, Memory Violation Terminated, Memory Violation (Detected), Threat Removed, Threat Quarantined, Threat Waived, Threat Changed, Protection Status Changed. Severity - Severity level of the event: Critical, Major, Minor, Warning, or Informational.
Security Management Server - AdminHelp v9.8 2. In the Search field, enter SERVER-USER and click the search icon. 3. Click the User Name of the appropriate user. 4. On the User Detail page, click the Endpoints tab. 5. Click the Device Id of the appropriate endpoint. 6. On the Endpoint Detail page, click the Details & Action tab. 7. In Server Device Control, click Reinstate. The Server Encryption client is reinstated the next time the endpoint is rebooted.
Navigate the Dell Server 4. Click the search icon. An endpoint or list of endpoints displays, based on your search filter. 5. Click the Hostname of the endpoint on which to allow PBA login bypass. 6. Click the Details & Actions tab. 7. Under SED Device Control, click Bypass Login. 8. Click Yes to confirm that you want to send the Bypass Login command to the endpoint.
Security Management Server - AdminHelp v9.8 Lock a Self-Encrypting Drive To lock the PBA screen and prevent any user from logging onto the computer, follow these steps: 1. In the left pane, click Populations > Endpoints. 2. Select the Workstation Endpoint Type. 3. If you know the full Hostname of the endpoint, enter it in the Search field. However, you may leave the field blank to display all Workstation endpoints. 4. Click the search icon.
Navigate the Dell Server This value is the number of seconds the SED client waits to attempt to contact the Server if the Server is unavailable to communicate with the SED client. The default is 300 seconds (5 minutes). Administrators Assign or Modify Administrator Roles From the Administrators page, you can view or modify existing Administrator privileges. To view or modify existing Administrator privileges, follow these steps: 1. In the left pane, click Populations > Administrators. 2.
Security Management Server - AdminHelp v9.8 level of privileges are assigned to each Administrator. A single Administrator can have privileges of more than one Administrator type. However, it is recommended to have a maximum of one Super Administrator (an Administrator who has privileges of all Administrator types). The following table shows the tasks each Administrator can perform in the Remote Management Console or Compliance Reporter Interface.
Navigate the Dell Server Create, change, and delete Administrator accounts ● ● Delegate Administrator privileges ● ● Download Recovery Key Bundle ● ● ● Provision or recover the Advanced Threat Prevention service ● ● Enroll for Advanced Threat Prevention auto updates ● ● Set email notifications of Client Access Licenses, Threat Protection, and Advanced Threat Prevention Alerts ● ● ● Manage Data Guardian external users ● ● ● Manage Data Guardian external user key requests ● ● ● Rev
Security Management Server - AdminHelp v9.
Navigate the Dell Server To delegate Administrator rights, follow these steps: 1. In the left pane, click Populations > User Groups. 2. Search for the appropriate group. 3. Click the Admin tab. 4. Under Delegated Roles, click Add. 5. Search for and select the User to receive administrator rights, then click Add. To remove delegated administrator rights, under Delegated Roles in User Group Detail, locate the User to remove as delegated administrator and click the red X next to the User name.
Security Management Server - AdminHelp v9.8 • • Click a marker and it can list the Device, File, User, and Timestamp for that marker's audit event. • The audit event can be a combination of the device and user that caused the audit event, for example: One device or user accessed one file. Multiple devices or users accessed one file, and the timestamp indicates the user who last accessed the file. One user accessed numerous files.
Navigate the Dell Server • • Data Guardian Action - The default is All. Click one or more check boxes to display the reason for an Action. See Protected_Office_Document_audit_events and the tables below for details and to determine the operating system. • Net Action (Cloud Encryption - Windows only) - Identifies attempts by a user or device to open an application or browser, but the attempt was blocked; or, attempts to proxy through, but the address was blocked. See Net Action.
Security Management Server - AdminHelp v9.8 Column options related to payload data: File Name File Path Data for an audit event's moniker or parameters. Parameters may differ for each audit event but are the same within the event. For example, the data may differ for sl_xen_file and sl_protected_file, but the data for each Cloud Encryption .xen file event is the same.
Navigate the Dell Server Modifed Repaired tampering Tampering was detected in the wrapper of the protected Office document, which contains the cover page that opens in the cloud or on a device that does not have Dell Data Guardian. Dell Data Guardian repaired the wrapper or cover page. ● ● ● Attempt Access Request Access An external user requested a key for a file to which they do not have access or the access time has expired.
Security Management Server - AdminHelp v9.8 Process Process - Migration of Cloud Encryption events. A system event from the client performs an action on the .xen file. Address Application Application - App indcates this is part of the Cloud Encryption application.
Navigate the Dell Server 2. Select the Show only visible check box for the columns to list only the files for that audit event. 3. Click a quick search icon next to a Device, User, File Name, or KeyID. 4. If you click a User quick search, you can then click a File Name quick search icon and the map zooms in to the location of the user when the file was accessed. 5. Clear the Search field and press Enter to return to the global map view. Return to Dell Data Guardian policies.
Security Management Server - AdminHelp v9.8 In addition to the steps above: 1. In Columns, select: • Client Type - to indicate internal or external users. • From and To - to audit embargo and external users. • Request Access - an external user requested access to keys from an internal user. 2. Analyze the data in the Remote Management Console or select Export File > Excel or CSV where you can sort the data. Optionally, you can export the audit events to a SIEM Server.
Navigate the Dell Server If you leave the defaults, all monikers and columns display. You can select one item from Grouping to sort monikers or column options. You can select options in the dropdowns to minimize the data that displays. View Audit Events (Geolocation) Click Audit Events in the left pane of the Remote Management Console to view geographic map points of file events on computers and devices running Dell Data Guardian. For a list of audit event types, see Dell Data Guardian and Audit Events.
Security Management Server - AdminHelp v9.8 Event Data Event data displays below the map about the events represented on the map. Narrow the amount of data displayed by using the + icon in the upper left corner of the map to zoom in. Expand the amount of data displayed by using the - icon in the upper left corner of the map to zoom out.
Navigate the Dell Server [tcp-ssl:] disabled = 0 [SSL] serverCert = $SPLUNK_HOME\etc\auth\server.pem sslPassword = requireClientCert = false $SPLUNK_HOME\etc\system\local\server.conf [sslConfig] sslRootCAPath = $SPLUNK_HOME\etc\auth\cacert.pem sslPassword = 2. Restart the Splunk server. After the restart, splunkd.log will have entries similar to the following: 07-10-2017 16:27:02.
Security Management Server - AdminHelp v9.8 For Security Management Server Virtual - Add the Splunk server's root certificate (cacert.pem) to /etc/ssl/certs/java/cacerts and restart the Dell Server. 4. Modify the Dell Server database to change the SSL value from false to true: In the database, navigate to the information table, SIEM-specific support configuration. Change the "SSL":"false" value to "SSL":"true" – for example: {"eventsExport":{"exportToLocalFile":{"enabled":"false","fileLocation":".
Navigate the Dell Server • When a device is removed. Example Message for Device Removed Event: • When a device’s policy or logging level has changed. Example Message for Device Updated Event: Memory Protection Selecting this option will log any Memory Exploit Attempts that might be considered an attack from any of the Tenant’s devices to the Syslog server. There are four types of Memory Exploit actions: • None: Allowed because no policy has been defined for this violation.
Security Management Server - AdminHelp v9.8 Threats Select this option to log any newly found threats or changes observed for any existing threat, to the Syslog server. Changes include a threat being Removed, Quarantined, Waived, or Executed. There are five types of Threat Events: • threat_found: A new threat has been found in an Unsafe status. • threat_removed: An existing threat has been Removed. • threat_quarantined: A new threat has been found in the Quarantine status.
Navigate the Dell Server Only available if the Protocol specified is TCP. TLS/SSL ensures the Syslog message is encrypted in transit from Advanced Threat Prevention to the Syslog server. Dell encourages customers to select this option. Ensure that the Syslog server is configured to listen for TLS/SSL messages. To use TLS/SSL, it is necessary to configure the Syslog server and import certificates. For more information, see Export Audit Events with TLS/SSL over TCP.
Security Management Server - AdminHelp v9.8 For the latest IP addresses for Syslog messages, contact Dell ProSupport. Management Commit Policies To commit polices that have been modified and saved: 1. In the left pane of the Remote Management Console, click Management > Commit. 2. Enter a description of the change in the Comment field. Best practice: add a comment about the changes that are committed. 3. Click Commit Policies.
Navigate the Dell Server 5. To sort the results in ascending order by column, click the heading of the column you want to sort. 6. To export the results to an Excel or CSV file, pull down the Export File list and select Excel or CSV. Exported files can hold up to 100,000 records.
Security Management Server - AdminHelp v9.8 12. Ask the user for the 8, 16, or 32-character Endpoint Code (not case sensitive) and enter it into the appropriate field. Endpoint Codes contain only the letters A-F. 13. Ask the user for the Key ID and enter it into the appropriate field (if your organization allows nondomain user activation, the Key ID is required. 14. Click Generate Access Code.
Navigate the Dell Server The user may now use the removable storage as usual. If manual authentication is not successful, the device is disabled according to policy, as follows: • The policy could be set to wait (cooldown) between unsuccessful manual authentication attempts. or • The policy may be set to delete the encryption key material and prevent any access to encrypted files on this removable storage.
Security Management Server - AdminHelp v9.8 1. Follow the steps below. The user in this example is "games". The next triage resets the "removed" flag. 2. Perform a recovery through Security Management Server (meaning, lock yourself out of the removable storage by entering an incorrect password until the recovery screen displays). Generate an Access Code through the Security Management Server. 3. Reset the Encryption External Media password. 4.
Navigate the Dell Server SED Recovery SED Authentication Failure Use this procedure to recover access to a computer with an SED drive after an authentication failure. 1. In the left pane, click Management > Recover Data. 2. Click the SED tab. 3. Under Recover SED Endpoint, enter the Hostname of the computer. You can find the Hostname at Populations > Endpoints. If you know the full Hostname of the endpoint, enter it in the Search field.
Security Management Server - AdminHelp v9.8 Encryption - http://www.dell.com/support/home/us/en/19/product-support/product/dell-data-protectionencryption/manuals Threat Protection - Endpoint Security Suite Pro - http://www.dell.com/support/home/us/en/19/productsupport/product/dell-dp-endpt-security-suite/manuals Advanced Threat Prevention - Endpoint Security Suite Enterprise http://www.dell.
Navigate the Dell Server If authorized CALs exceed 5% of that specific CAL total, new client activations for that specific product will be blocked until the license key is brought into compliance. No other client or Security Management Server functions will be impacted when a license key is in the over 105% state. Two separate warning messages are displayed, the first warning message is when the CAL reaches 99% of the authorized licenses, the second when the CAL count reaches or exceeds the 105% total.
Security Management Server - AdminHelp v9.8 Upload Client Access Licenses You received CALs separately from the installation files, either at the initial purchase or later if you added additional CALs. 1. In the left pane of the Remote Management Console, click Management > License Management. 2. Under Upload Licenses, click Choose File to browse to the location of the saved CAL.
Navigate the Dell Server Provision or Recover the Advanced Threat Prevention service - After the service is provisioned, clients are automatically provisioned with Advanced Threat Prevention. For more information, see Provision or Recover Advanced Threat Prevention Service. Enroll to receive Advanced Threat Prevention agent auto updates - After enrollment, clients can automatically download and apply updates from the Advanced Threat Prevention server. For more information, see Enroll for Agent Auto Update.
Security Management Server - AdminHelp v9.8 Receive agent auto updates To enroll to receive agent auto updates: 1. In the left pane of the Remote Management Console, click Management > Services Management. 2. On the Advanced Threats tab, under Agent Auto Update, click the On button then click the Save Preferences button. Stop receiving agent auto updates To stop receiving agent auto updates: 1. In the left pane of the Remote Management Console, click Management > Services Management. 2.
Navigate the Dell Server Notification Management Notification Management The Notification Management page lets you manage email notifications. To add an email notification: 1. In the left pane of the Remote Management Console, click Management > Notification Management. 2. Click the Add button and fill in the dialog: Email: Enter or select your email address. Notification Type: Select the type of alert you want to add. Priority Level: Select the priority levels of notifications.
Security Management Server - AdminHelp v9.8 [Do not change this value] [Do not change this value] Notification.config If your email server requires authentication, modify the Notification.config file located at .
Navigate the Dell Server Columns include: • • • • • • User - external user making the request File Name Request Date Request Expiration File Owner - internal user Approve/Deny To approve or deny a request: 1. In the left pane of the Remote Management Console, click Management > Key Request Management. 2. Select the Key Request tab. 3. Search for specific requests or select requests in the list that displays. To select multiple requests to approve or deny, press Ctrl and then select the requests.
Security Management Server - AdminHelp v9.8 NOTE: After three failed login attempts, the superadmin account is locked for five minutes. To change these settings, see Set or Change Account Lockout Settings. Change Account Lockout Settings After three failed login attempts, the superadmin account is locked for five minutes. To change these settings: 1. Open \conf\application.properties. 2.
Manage Policies Manage Security Policies You can apply security policies at the Enterprise, Domain, User Group, User, Endpoint Group, and Endpoint levels. The initial deployment of your Security Management Server or Security Management Server Virtual has default policy settings that allow your enterprise to get started with Dell Security, but you can customize the security and configuration settings.
Manage Policies At least one default setting in the policy group has been overridden. Group of policy settings that has no master switch. The policy change is not yet committed. The policy value can be localized, in order for policies to display on the endpoint computer in a selected language. For more information, see Localize Policies Displayed on the Endpoint Computer and Localizable_policies. The default setting of a localizable policy is overridden. A localizable policy change is not yet committed.
Security Management Server - AdminHelp v9.8 4. Select a language for localizable policies from the drop-down list at the top right of the screen. 5. Enter text that is in the language you selected for localizable policies. Navigate the populations and technology groups as necessary to localize all desired policies for that language. 6. Click Save. 7. To update policies in a different language, select the language from the drop-down list, enter localized text for all desired policies, and click Save.
Manage Policies Technology Group Policy Windows Encryption > Self-Encrypting Drive (SED) Support Information Text PBA Title Text Legal Notice Text Self Help Questions (Pre-8.
Security Management Server - AdminHelp v9.8 Application Data Encryption List Managed Services Removable Media Encryption > Windows Media Encryption EMS Device Whitelist EMS Access Code Required Message EMS Access Code Failed Message Endpoints Level Technology Group Policy Windows Encryption > Self-Encrypting Drive (SED) Support Information Text PBA Title Text Legal Notice Text Self Help Questions (Pre-8.
Manage Policies Policy Default Setting Description Full Disk Encryption (FDE) This technology manages drives using software-based Full Disk Encryption. Authentication by users through a Pre-Boot Authentication environment (before the operating system has booted) is required to unlock the drive. On Off Full Disk Encryption (FDE) Off Toggle to ON to enable all full disk encryption policies. If this policy is toggled to OFF, no full disk encryption takes place, regardless of other policy values.
Security Management Server - AdminHelp v9.8 policy is toggled to OFF, no policy-based encryption takes place, regardless of other policy values. On means that all Policy-Based Encryption policies are enabled. Changing the value of this policy triggers a new sweep to encrypt/decrypt files. Common, User, User Roaming Choose a key to indicate who should be able to access files encrypted by Application Data Encryption List, and where. More...
Manage Policies -^3@%ENV:SYSTEMROOT%\SYSTEM32\cmd.exe;exe -^3@%ENV:SYSTEMROOT%\SYSTEM32\autochk.exe;exe -^3@%ENV:SYSTEMROOT%\SYSTEM32\winresume.exe;exe -^F#:\bootmgr -^F#:\boot -^@%ENV:SYSTEMDRIVE%\;vol -^%ENV:SYSTEMDRIVE%\Program Files\PGP Corporation -^3%ENV:SYSTEMDRIVE%\PGPWDE00 -^3%ENV:SYSTEMDRIVE%\PGPWDE01 -^3%ENV:SYSTEMDRIVE%\PGPWDE02 -^3%ENV:SYSTEMDRIVE%\PGPWDE03 -^%ENV:SYSTEMDRIVE%\Program Files\Symantec -^%ENV:SYSTEMDRIVE%\Program Files (x86)\Symantec -^%ENV:SYSTEMDRIVE%\Program Files\Common Files\
Security Management Server - AdminHelp v9.8 The available drive letters are: #: Refers to all drives f#: Refers to all fixed (nonremovable) drives r#: Refers to all removable drives If the same folder is specified in both this policy and the User Encrypted Folders policy, this policy prevails. Policy-Based Encryption-User Experience Selected Not Selected Enable Software Auto Updates Selected Selected enables the client update agent to automatically check for updates.
Manage Policies Turn Off Encryption Do Not Manage ignores the System Drive (typically the drive that the operating system is installed on). Turn On Encryption allows BitLocker to encrypt the System Drive only. Turn Off Encryption disables BitLocker from encrypting the system drive or decrypts any BitLockerencrypted system drives. Do Not Manage Turn On Encryption Turn Off Encryption Encrypt Fixed Drives Do Not Manage This policy does not encrypt the system drive.
Security Management Server - AdminHelp v9.8 Selected Not Selected Allow BitLocker Encryption Without a Compatible TPM Selected Selected allows a computer without a compatible TPM to use BitLocker encryption. In this mode, a USB drive is required for startup. When the key is inserted, access to the drive is authenticated and the drive is accessible. If the USB key is lost or unavailable, the computer will require BitLocker recovery for access.
Manage Policies (PIN) and a USB drive containing the startup key. Encryption Method and Cipher Strength (OS Volumes) XTS-AES-128 AES-128 AES-256 XTS-AES-128 (for use with Windows 10 Anniversary Edition and later) XTS-AES-256 (for use with Windows 10 Anniversary Edition and later) Algorithm and cipher strength used by BitLocker Drive Encryption for OS Volumes.
Security Management Server - AdminHelp v9.8 encrypt/decrypt files. Selected Not Selected Allow Software Server Encryption Selected If this policy is Selected, client servers will be activated at the Enterprise level. This policy may be set to Not Selected to block activations during initial Dell Server setup and maintenance interruptions. Not Selected Server Maintenance Schedule This policy must be selected to use all other Server Maintenance policies.
Manage Policies -^%ENV:SYSTEMROOT%\WinSxS -^%ENV:SYSTEMROOT%\Fonts ^3@%ENV:SYSTEMROOT%\SYSTEM32\;exe -^3@%ENV:SYSTEMROOT%\SYSTEM32\cmd.exe;exe -^3@%ENV:SYSTEMROOT%\SYSTEM32\autochk.exe;exe -^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace extensively. Removing these exclusions may result in Windows issues, particularly after applying patch updates. Contact ProSupport for guidance if you are unsure about changing the values. -^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace -^3%ENV:SYSTEMDRIVE%\Program Files (x86)\Del
Security Management Server - AdminHelp v9.
Manage Policies CONNECTIONS COMMON_MUSIC COMMON_PICTURES COMMON_VIDEO RESOURCES PROFILES %HKCU:regpath% • Includes a numeric or text value stored in the registry for the Current User. If you specify a path but not an item, the client uses the default value %HKLM:regpath% • Includes a numeric or text value stored in the registry for the local computer.
Security Management Server - AdminHelp v9.8 Enable SED Plugin Selected See basic settings Policy Default Setting Policy-Based Encryption This technology uses Dell's proprietary data centric encryption to allow user data and computer encryption. This allows greate access on a computer to only what a user is authorized to view. Encrypt with SDE when SED is detected User Encrypted Folders Not Selected String Exe List Application Data Encryption List 135 winword.exe excel.exe powerpnt.exe msaccess.
Manage Policies User Encryption Algorithm AES256 SDE Encryption Algorithm AES256 Common Encryption Algorithm AES256 Encrypt Outlook Personal Folders Not Selected Encrypt Temporary Files Selected Encrypt Temporary Internet Files Selected 136
Security Management Server - AdminHelp v9.
Manage Policies User Data Encryption Key User Policy Proxy Connections 138
Security Management Server - AdminHelp v9.
Manage Policies Processing Control Suppress File Contention Notification Selected Number of Encryption Processing Delays Allowed 0 Length of Each Encryption Processing Delay 5 Length of Each Policy Update Delay 15 Force Reboot on Update Selected Length of Each Reboot Delay 15 Number of Reboot Delays 3 140
Security Management Server - AdminHelp v9.8 Allowed Allow Encryption Processing Only When Screen is Locked False Hide Overlay Icons Selected See basic settings Policy Default Setting Bitlocker Encryption This technology manages Microsoft BitLocker policies for full disk and removable media encryption.
Manage Policies Formatted Fixed Drives Configure Use of Passwords for Fixed Data Drives Allow Configure Password Complexity for Fixed Data Drives Allow Minimum Password Length for Fixed Data Drives Encryption Type for Fixed Data Drives Choose How BitLockerprotected Fixed Drives Can be Recovered Allow Data Recovery Agent for Protected Fixed Data Drives 8 Full Encryption Not Selected Selected 142
Security Management Server - AdminHelp v9.
Manage Policies Configure Use of HardwareBased Encryption for Fixed Data Drives Selected Use HardwareBased Encryption for Fixed Data Drives Selected Use BitLocker SoftwareBased Encryption on Fixed Data Drives When Hardware Encryption is Not Available Selected Restrict Crypto Algorithms and Cipher Suites Allowed for HardwareBased Encryption on Fixed Data Drives Not Selected Configure Specific Crypto Algorithms and Cipher Suites Settings on Fixed Data Drives String See basic settings Bitlocker Encry
Security Management Server - AdminHelp v9.8 Set Organizational Unique Identifiers Set Allowed Organizational Unique Identifiers Prevent Memory Overwrite on Restart Not Selected Enable Smart Card Certificate Identifier Not Selected Smart Card Certificate Identifier 1.3.6.1.4.1.311.67.1.
Manage Policies Allow SecureBoot on Operating System Drives Selected Disallow Standard Users from Changing the PIN on Operating System Drives Not Selected Enable Use of Preboot Keyboard Input on Slates Not Selected Reset Platform Validation Data After Recovery Not Selected Choose How BitLockerprotected Operating System Drives Can be Recovered Not Selected Allow Data Recovery Agent for Protected Operating System Drives Selected Configure User Storage of BitLocker 48digit Recovery Password Allow
Security Management Server - AdminHelp v9.
Manage Policies Based Encryption on Operating System Drives Configure Specific Crypto Algorithms and Cipher Suites Settings on Operating System Drives 2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.
Security Management Server - AdminHelp v9.
Manage Policies PCR8,on PCR9,on PCR10,on PCR11,on PCR12,off PCR13,off PCR14,off PCR15,off PCR16,off PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off Configure UEFI TPM Platform Validation Profile Not Selected PCR0,on PCR1,off PCR2,on PCR3,off PCR4,on PCR5,off PCR6,off PCR7,off PCR8,off PCR9,off Configure Specific UEFI TPM Platform Settings PCR10,off PCR11,on PCR12,off PCR13,off PCR14,off PCR15,off PCR16,off PCR17,off PCR18,off PCR19,off PCR20,off PCR21,off PCR22,off PCR23,off See b
Security Management Server - AdminHelp v9.
Manage Policies Removable Data Drives Encryption Type for Removable Data Drives Choose How BitLockerprotected Removable Drives Can be Recovered Allow Data Recovery Agent for Protected Removable Data Drives Full Encryption Not Selected Selected Configure User Storage of BitLocker 48digit Recovery Password Allow Configure User Storage of BitLocker 256bit Recovery Key Allow Omit Recovery Options from the BitLocker Setup Wizard for Removable Media Not Selected Save BitLocker Recovery Information to
Security Management Server - AdminHelp v9.
Manage Policies See basic settings Policy Default Setting Server Encryption This technology manages Dell's data centric encryption using certificate-based authentication instead of the typical user-based allows for protection of devices such as Windows Servers that do not commonly have users logged in.
Security Management Server - AdminHelp v9.
Manage Policies Class: Windows Portable Device (WPD) Enabled Subclass Windows Portable Device (WPD): Storage Full Access Class: Human Interface Device (HID) Enabled Class: Other Enabled EMS Encrypt External Media Not Selected EMS Exclude CD/DVD Encryption Not Selected EMS Access to unShielded Media EMS Encryption Algorithm EMS Automatic Authentication EMS Scan External Media Read Only AES256 Disabled Not Selected 156
Security Management Server - AdminHelp v9.
Manage Policies EMS Alpha Characters Required in Password Selected EMS Mixed Case Required in Password Selected EMS Number of Characters.
Security Management Server - AdminHelp v9.8 Password EMS Access and Device Code Length 16 EMS Access Code Attempts Allowed 3 EMS Access Code Failure Action Apply Cooldown EMS Access Code Required Authentication Failed. Please contact your system administrator. Message String EMS Cooldown Time Delay 30 EMS Cooldown Time Increment 20 EMS Access Code Failed Message EMS Encryption Rules 159 String You are not authorized to use this media. Please contact your system administrator.
Manage Policies EMS Block Access to UnShieldable Media Selected SDE Encryption Enabled Selected SDE Encryption Algorithm AES256 160
Security Management Server - AdminHelp v9.8 String F#:\ -^%ENV:SYSTEMDRIVE%\System Volume Information -^%ENV:SYSTEMROOT%\;dll.exe.sys.ocx.man.cat.manifest.policy -^%ENV:SYSTEMROOT%\System32 -^%ENV:SYSTEMROOT%\SysWow64 SDE Encryption Rules -^%ENV:SYSTEMROOT%\WinSxS -^%ENV:SYSTEMROOT%\Fonts ^3@%ENV:SYSTEMROOT%\SYSTEM32\;exe -^3@%ENV:SYSTEMROOT%\SYSTEM32\cmd.exe;exe -^3@%ENV:SYSTEMROOT%\SYSTEM32\autochk.exe;exe -^3%ENV:SYSTEMDRIVE%\ProgramData\Dell\Kace -^3%ENV:SYSTEMDRIVE%\Program Files\Dell\Kace -^3%ENV:SY
Manage Policies Encrypt Temporary Files Not Selected Encrypt User Profile Documents Not Selected Encrypt Windows Paging File Managed Services Selected null 162
Security Management Server - AdminHelp v9.
Manage Policies Policy Proxy Polling Interval 720 See basic settings Variables Some Windows policies support the following variables. A pathname can consist entirely of one or more of these variables, or can include one or more of these variables at any point. To get directory locations that these CSIDL values resolve to, go to http://msdn.microsoft.com/enus/library/bb762494.aspx. All names listed on the MSDN page are CSIDL_.
Security Management Server - AdminHelp v9.
Manage Policies COMMON_DOCUMENTS COMMON_ADMINTOOLS ADMINTOOLS CONNECTIONS COMMON_MUSIC COMMON_PICTURES COMMON_VIDEO RESOURCES PROFILES %HKCU:regpath% • Includes a numeric or text value stored in the registry for the Current User. If you specify a path but not an item, the client uses the default value %HKLM:regpath% • Includes a numeric or text value stored in the registry for the local computer.
Security Management Server - AdminHelp v9.8 Important: Before you begin, you must understand directory protection, as well as when and how to override directories and file types. If you do not completely understand the information included in this section, as well as the encryption settings that currently exist on your environment, do not attempt to override protected directories. Do not encrypt files with the extension tmp. Encrypting .
Manage Policies CSIDL_COMMON_APPDATA\Symantec CSIDL_PROGRAM_FILES\McAfee CSIDL_PROGRAM_FILESX86\McAfee CSIDL_PROGRAM_FILES_COMMON\McAfee CSIDL_PROGRAM_FILES_COMMONX86\McAfee CSIDL_COMMON_APPDATA\McAfee CSIDL_PROGRAM_FILES\Trend Micro CSIDL_PROGRAM_FILESX86\Trend Micro CSIDL_COMMON_APPDATA\Trend Micro CSIDL_PROGRAM_FILES\Microsoft Security Client CSIDL_PROGRAM_FILESX86\Microsoft Security Client CSIDL_COMMON_APPDATA\Microsoft Security Client CSIDL_PROGRAM_FILES\Sophos CSIDL_PROGRAM_FILESX86\Sophos CSIDL_COMMO
Security Management Server - AdminHelp v9.8 %SYSTEMROOT%\Security The following directories have Category 3 exclusions: \.dll.exe.sys.mac.ddp.tbp.wip.rty.nmd.inv.config.sdf.installstate %SYSTEMROOT%\system32\drivers\CmgHiber.dat Modifiers – What they are and what they do The ^ character is the “Override” command. It causes the listed policy to override protected directories. It may be followed by a “2” or a “3”, indicating the level of the override.
Manage Policies What this does: On the C: drive, this causes all files with the extension bat, exe, and dll to not be encrypted. Encrypting/Not Encrypting Directories In order to include or exclude directories using encryption rules, use the following within your rules: • After specifying your directory location, you do not need to list a trailing backslash (\). • If you list a directory for inclusion, every file contained within that directory will be encrypted.
Security Management Server - AdminHelp v9.8 What this does: (1st statement is an inclusion, 2nd statement is an exclusion, 3rd statement is an inclusion) On the C: drive, encrypt all files in folders at the root level and below, except for files residing in the protected directories and files residing in “MyApplicationFolder”. However, override and encrypt files with the extension doc, docx, xls, xlsx, ppt, and pptx in the protected directories and in the folder “MyApplicationFolder”.
Manage Policies The following environment variables are supported: All locally defined environment variables The following KNOWNFOLDERID values are supported: RoamingAppData Cookies Desktop Favorites InternetCache LocalAppData Music Pictures Documents Programs Recent SendTo StartMenu Startup Templates The following CSIDL variables are supported: APPDATA COOKIES DESKTOPDIRECTORY FAVORITES INTERNET_CACHE LOCAL_APPDATA MYMUSIC MYPICTURES PERSONAL PROGRAMS RECENT SENDTO STARTMENU STARTUP TEMPLATES 172
Security Management Server - AdminHelp v9.8 Some examples of variables used in folder and extension policy: %ENV:SYSTEMDRIVE%\CustomApplication What this does: This lists the folder \CustomApplication\ for encryption on the default drive where Windows is installed. -%ENV:USERPROFILE%\Desktop What this does: This lists the user who is logged in to have their desktop obtain a category 0 protection.
Manage Policies SDE. This allows the SDE Key to be used to encrypt data that would not otherwise be possible with the Common or User Keys due to time-based availability of the keys. Due to the difference in how the SDE Key can be used, there are several caveats to be aware of when considering use of this feature. • The built-in exclusions covered in protected directories do not apply to SDE. By design, SDE excludes portions of the operating system that are necessary for booting and updating.
Security Management Server - AdminHelp v9.8 %SystemRoot%\system32\utilman.exe %SystemRoot%\system32\narrator.exe %SystemRoot%\system32\magnify.exe %SystemRoot%\system32\osk.exe %SystemRoot%\system32\csrss.exe %SystemRoot%\system32\hvloader.exe %SystemRoot%\system32\hvix64.exe %SystemRoot%\system32\hvax64.exe %ProgramFiles%\Dell\Dell Data Protection\Encryption\Local Console.exe %SystemRoot%\boot %SystemRoot%\prefetch %SystemRoot%\system32\Boot %SystemRoot%\Config.MSI %SystemRoot%\system32\drivers %SystemDriv
Manage Policies %SystemRoot%\SoftwareDistribution\Download %SystemDrive%\Program Files\Symantec %SystemDrive%\Program Files (x86)\Symantec %SystemDrive%\Program Files\Common Files\Symantec Shared %SystemDrive%\Program Files (x86)\Common Files\Symantec Shared %SystemDrive%\ProgramData\Symantec %AllUsersProfile%\Symantec %SystemDrive%\Program Files\PGP Corporation %SystemDrive%\PGPWDE00 %SystemDrive%\PGPWDE01 %SystemDrive%\PGPWDE02 %SystemDrive%\PGPWDE03 %SystemDrive%\SafeBoot.fs %SystemDrive%\SafeBoot.
Security Management Server - AdminHelp v9.8 %SystemDrive%\Program Files\Kaspersky Lab %SystemDrive%\Program Files (x86)\Kaspersky Lab %AllUsersProfile%\Kaspersky Lab %ProgramData%\Microsoft\Windows\Caches %SystemDrive%\$Windows.~BT %SystemRoot%\system32\.tmp %SystemDrive%\Program Files\WindowsApps %SystemRoot%\SystemApps %SystemRoot%\InfusedApps The following directories have Category 3 exclusions (including subfolders unless specified): F#:\System Volume Information\MountPointManagerRemoteDatabase F#:\.
Manage Policies %SystemDrive%\boot.bmp %SystemDrive%\CMG3301d.DAT %SystemDrive%\credsed.dat %SystemDrive%\credsed.log %SystemRoot%\bootstat.dat %SystemDrive%\credsde.boo %SystemRoot%\fonts\vgaoem.fon %SystemRoot%\AppPatch\drvmain.sdb %SystemRoot%\system32\config\.evt.ftl.regtrans-ms.blf %SystemRoot%\system32\config\system %SystemRoot%\system32\config\system.log %SystemRoot%\system32\config\system.log1 %SystemRoot%\system32\config\system.log2 %SystemRoot%\system32\config\system.alt %SystemRoot%\system32\conf
Security Management Server - AdminHelp v9.8 Encryption External Media operates off its own set of encryption rules independent of what Common Encryption, User Encryption, or SDE uses. User/Common Encryption policies will only be applied to fixed disks. If an endpoint is determined to be removable storage, then Encryption External Media policy will be applied. What Happens When Policies Tie • When an exclusion and inclusion statement both apply to a given directory or file, the exclusion policy prevails.
Manage Policies Policy descriptions also display in tooltips in the Remote Management Console. Policy Default Setting Description Pre-Boot Authentication This technology provides a secure, tamper-proof environment by preventing data from being read from the hard disk or operating system until the user enters the correct PBA login credentials. Pre-Boot Authentication serves as an extension of the BIOS or boot firmware to provide a trusted authentication layer, separate from the operating system.
Security Management Server - AdminHelp v9.8 Contactless Card One-Time Password See advanced settings Microsoft Passport This technology allows the use of Microsoft Passport, specifically authentication attempts and PIN usage. On Off Microsoft Passport Off Toggle to On to enable Microsoft Passport. If this policy is toggled to Off, no Microsoft Passport policies are enabled. Microsoft Passport is supported only on computers running Windows 10.
Manage Policies Specify the questions that will be presented to Windows users during recovery questions setup. Separate each question by a carriage return. These questions will be used if the Windows password is forgotten. At least 3 questions must be specified. What is the name of your first pet? Who was your first employer? Self Help Questions (Pre-8.
Security Management Server - AdminHelp v9.8 Enable One Step Logon Selected This policy simplifies the logon process when multi-factor authentication is enabled at both preboot and Windows logon. If selected (or not configured), authentication is required at preboot only, and users are automatically logged on to Windows. If not selected, authentication may be required multiple times.
Manage Policies Specify the questions that will be presented to Windows users during recovery questions setup. Separate each question by a carriage return. These questions will be used if the Windows password is forgotten. At least 3 questions must be specified.
Security Management Server - AdminHelp v9.8 remotely collected. The False Accept Rate is the probability of receiving a false acceptance decision when comparing fingerprints scanned from different fingers.
Manage Policies Reminder to Enroll Credentials Expiration Date (Admin) Now The date (time is always 12 am) when authentication policy is going into full effect. Meaning, the client stops asking the local admin to enroll credentials and forces them to enroll before they can logon. The default is “now”.
Security Management Server - AdminHelp v9.8 Policy Default Setting Description Advanced Threat Prevention This technology is powered by Cylance and protects your operating system by detecting and preventing malware pre-execution. Advanced Threat Prevention uses artificial intelligence and predictive mathematical models to quickly and accurately identify what is safe and what is a threat. Advanced Threat Prevention Off On Off Toggle ON to enable Advanced Threat Prevention.
Manage Policies Block Only Report Only Block and Report Action on Malicious Activity for Files and Folders Block and Report Prevents users from modifying or deleting Threat Protection system files and folders and sets the action to take upon attempt. Block Only: Blocks activity but does not report to the Server. Report Only: Reports activity to the Server but does not block activity. Block and Report (default): Blocks and reports activity to the Server.
Security Management Server - AdminHelp v9.8 Off Toggle to ON to enable Web Protection. If toggled to OFF, no Web Protection policies will be applied. Block Allow Warn Specifies the default action to apply to sites that have not been verified. Enforcement - Action to Apply to Sites Not Verified Allow Block: Prevents users from accessing the site and displays a message that the site is blocked. Allow: Permits users to access the site.
Manage Policies If Selected, no popup notifications of Advanced Threat Prevention events display on the client computer. Minimum Popup Notification Level High Medium Low Severity level of events that result in popup notifications that display on the client computer. A setting of High allows only notifications of critical events to display. A setting of Low displays all on-screen notifications for all events.
Security Management Server - AdminHelp v9.8 Advanced Threat Prevention This technology is powered by Cylance and protects your operating system by detecting and preventing malware pre-execution. Advanced Threat Prevention uses artificial intelligence and predictive mathematical models to quickly and accurately identify what is safe and what is a threat. Advanced Threat Prevention Off On Off Toggle ON to enable Advanced Threat Prevention.
Manage Policies Selected Not Selected Memory Protection Enabled This policy must be selected to use all other Memory policies. If this policy is Not Selected, no Memory Action policies are enforced, regardless of other policy values. Not Selected NOTE: Before enabling Memory Protection, enable Compatibility Mode, to ensure applications function properly on the client computer. For instructions on how to enable Compatibility Mode, see Enable Compatibility Mode for Memory Protection.
Security Management Server - AdminHelp v9.8 Security Platform\VSCore_ENS_10.1\Release\mfecanary.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfefire.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfehidin.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfemms.exe \Program Files\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\mfevtps.
Manage Policies Security Platform\MFEConsole.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\mfeProvisionModeUtility.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\RepairCache\CCUninst.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\aacinfo.exe \Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform\VSCore_ENS_10.1\Release\cacheinfo.exe \Program Files (x86)\McAfee\Endpoint Securit
Security Management Server - AdminHelp v9.8 Ignore Alert Block Terminate Specify the action to take when a stack pivot threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Exploitation: Stack Pivot Alert Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Manage Policies Ignore Alert Block Terminate Specify the action to take when an overwrite code threat is detected. Ignore - No action is taken against identified memory violations. Exploitation: Overwrite Code Alert - Record the violation and report the incident to the Dell Server. Alert Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Security Management Server - AdminHelp v9.8 systems. This policy does not apply to Mac clients. Ignore Alert Block Terminate Specify the action to take when a remote memory allocation threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Process Injection: Remote Allocation of Memory Alert Block - Block the process call if an application attempts to call a memory violation process.
Manage Policies Ignore Alert Block Terminate Specify the action to take when a remote attempt to write to memory threat is detected. Ignore - No action is taken against identified memory violations. Alert - Record the violation and report the incident to the Dell Server. Process Injection: Remote Write to Memory Alert Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Security Management Server - AdminHelp v9.8 Remote Overwrite Code - A process has modified executable memory in another process. Under normal conditions executable memory will not be modified, especially by another process. This usually indicates an attempt to divert execution in another process. The Remote Overwrite Code process injection affects Windows operating systems. This policy does not apply to Mac clients.
Manage Policies Ignore Alert Block Terminate Specify the action to take when a remote APC scheduled threat is detected. Ignore - No action is taken against identified memory violations. Process Injection: Remote APC Scheduled Alert - Record the violation and report the incident to the Dell Server. Alert Block - Block the process call if an application attempts to call a memory violation process. The application that made the call is allowed to continue to run.
Security Management Server - AdminHelp v9.8 LSASS Read - Memory belonging to the Windows Local Security Authority process has been accessed in a manner that indicates an attempt to obtain users' passwords. The LSASS Read escalation affects Windows operating systems. This policy does not apply to Mac clients. Ignore Alert Block Terminate Specify the action to take when a zero byte allocation threat is detected. Ignore - No action is taken against identified memory violations.
Manage Policies Background Threat Detection Run Once Disabled Run Recurring Run Once If set to Run Recurring or Run Once, a full-disk scan is run to detect and analyze any dormant threats on the disk. An update to the Threat Model triggers a full-disk scan. Selected Not Selected Watch for New Files Set Maximum Archive File Size to Scan If selected, any new or modified files are detected and analyzed for dormant threats. Selected 150 MB Dell recommends enabling this policy.
Security Management Server - AdminHelp v9.8 in the Application Control Allowed Folders policy. IMPORTANT: Specify the following folder in the Application Control Allowed Folders policy when running Data Guardian Protected Office mode with this policy Selected: C:\Users\\AppData\Local\assembly\tmp This policy does not apply to Mac clients. String Application Control Allowed Folders Specify folders to be excluded from Application Control lockdown.
Manage Policies Macros PowerShell PowerShell Console Alert Alert Block Alert monitors Office macros running in the environment. Recommended for initial deployment. Block allows Office macros to run only from specific folders. This should be used only after testing in Alert mode. Note: Starting with Office 2013, macros are disabled by default. Most of the time, users should not be required to enable macros to view the content of an Office document.
Security Management Server - AdminHelp v9.8 String Quarantine List (available only in Disconnected mode) String This policy will NOT be sent to the client if the Server does not detect a Disconnected mode install token. The token is prefixed with *DELLAG*. The value of this policy includes a collection of hashes, represented by these JSON examples.
Manage Policies This policy does not apply to Mac clients. Selected Not Selected Enable Autoupload of Log Files Not Selected If selected, log files are automatically uploaded at 12:00 am or when their size reaches 100 MB. If this policy is Not Selected, logs can still be manually uploaded.
Security Management Server - AdminHelp v9.8 Block Only Report Only Block and Report Action on Malicious Activity for Processes Block and Report Prevents users from stopping Threat Protection processes and sets the action to take upon attempt. Block Only: Blocks activity but does not report to the Server. Report Only: Reports activity to the Server but does not block activity. Block and Report (default): Blocks and reports activity to the Server. String - Example: avtask.
Manage Policies On Off On-Access Protection Off Toggle to ON to enable On-Access Protection. If toggled to OFF, no On-Access Protection policies will be applied. On-Access Protection protects the critical operating system resources from changes made by malware or other unauthorized processes at the time a resource is accessed. 10 to 9999 Max Seconds for Scan 45 Specifies the maximum number of seconds for each file scan. Limits each file scan to the specified number of seconds.
Security Management Server - AdminHelp v9.8 Disable Very Low Low Medium High Very High When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
Manage Policies By default, the scanner scans all file types, regardless of extension. Full Scan Selected Not Selected Boot Sectors Unwanted Programs Decode MIME Files Selected Examines the disk boot sector. Consider disabling this policy if a disk contains a unique or abnormal boot sector that cannot be scanned. Selected Not Selected Selected Not Selected Enables the scanner to detect potentially unwanted programs. The scanner uses configured information to detect potentially unwanted programs.
Security Management Server - AdminHelp v9.8 Disable Very Low Low Medium High Very High When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
Manage Policies String - Comma-separated list of parameters Specify files, folders, and drives to exclude from scanning. Comma separated list of parameters: ,, Possible values: ,, Exclusions String Examples: FileOrFolder,C:\Users,false FileType,xml,false FileType,mp?,false ModifiedAge,120,true AccessedAge,150,false Cre
Security Management Server - AdminHelp v9.8 Clean file Delete file Continue scanning Specifies the action for the scanner to take when an unwanted program is detected if the first action fails. Exploit First Response Fails Delete file Clean files - Removes the threat from the detected file, if possible. Delete files - Deletes files with potential threats. Continue scanning - Continues scanning files when a threat is detected. The scanner does not move items to the quarantine.
Manage Policies Selected Not Selected This policy is the "master policy" for all other On-Demand Protection: Quick Scan policies. If this policy is Not Selected, no On-Demand Protection: Quick Scan policies are enforced, regardless of other policy values. A Selected value means that On-Demand Protection: Quick Scan is enabled. On-Demand Protection - Quick Scan Selected This policy must be set to Selected to enable On-Demand Protection: Quick Scan settings.
Security Management Server - AdminHelp v9.8 Disable Very Low Low Medium High Very High When enabled, samples are submitted to the lab to determine if they are malware. Sensitivity level configures the sensitivity level to use when determining if a detected sample is malware. The higher the sensitivity level, the higher the number of malware detections. However, allowing more detections might result in more false positive results.
Manage Policies String - Comma-separated list of parameters Specify files, folders, and drives to exclude from scanning. Comma separated list of parameters: ,, Possible values: ,, Exclusions String Examples: FileOrFolder,C:\Users,false FileType,xml,false FileType,mp?,false ModifiedAge,120,true AccessedAge,150,false Cre
Security Management Server - AdminHelp v9.8 Clean file Delete file Continue scanning Specifies the action for the scanner to take when an exploit is detected if the first action fails. Exploit First Response Fails Delete file Clean files - Removes the threat from the detected file, if possible. Delete files - Deletes files with potential threats. Continue scanning - Continues scanning files when a threat is detected. The scanner does not move items to the quarantine.
Manage Policies Selected Not Selected Selected Access Protection Access Protection prevents other computers from making a connection and creating or altering autorun (autorun.inf) files from CDs. The rule prevents spyware and adware distributed on CDs from being executed and will automatically block and report the issue. Selected Not Selected Script Scan Protection Selected This policy enables scanning JavaScript and VBScript scripts to prevent unwanted scripts from executing.
Security Management Server - AdminHelp v9.8 Prevention. Enforcement Enable HTML iFrames Support Enforcement Block Sites by Default if Reputation Service Server is not Reachable Enforcement Block Phishing Pages for All Sites Enforcement Specify Reputation Service Risk Level to Block Selected Selected Not Selected A Selected value blocks access to malicious (Red) and warn (Yellow) sites that appear in an HTML iframe.
Manage Policies Block Allow Warn Specifies the action to apply to sites that are rated Red. Rating Action for Red Sites Block Block: Prevents users from accessing the site and displays a message that the site is blocked. Block is the default for Red sites. Allow: Permits users to access the site. Warn: Displays a warning to notify users of potential dangers associated with the site. Users must dismiss the warning before canceling or proceeding to the site.
Security Management Server - AdminHelp v9.8 is the default for Yellow sites. Block Allow Warn Specifies the action to apply to file downloads that are Unrated. Rating Action for Unrated Downloads Allow Block: Prevents users from downloading the file and displays a message that the download is blocked. Allow: Permits users to proceed with the download. Allow is the default for Unrated downloads. Warn: Displays a warning to notify users of potential dangers associated with the download file.
Manage Policies Games Government/Military Potential Hacking/Computer Crime* Health Humor/Comics Discrimination Instant Messaging Stock Trading Internet Radio/TV Job Search Information Security Dating/Social Networking Mobile Phone Media Downloads Malicious Sites* Usenet News Nudity Non-Profit/Advocacy/NGO General News Online Shopping Provocative Attire P2P/File Sharing Politics/Opinion Personal Pages Portal Sites Remote Access Religion/Ideology Resource Sharing Search Engines Sports Streaming Media Sharewar
Security Management Server - AdminHelp v9.
Manage Policies On Off Client Firewall Toggle to ON to enable Client Firewall. If toggled to OFF, no Client Firewall Settings or Rules will be applied. Off Client firewall is a stateful firewall. See Client Firewall Settings and Rules. Settings and Rules Debug Logging for Client Firewall Selected Not Selected Not Selected A Selected value enables verbose logging of Firewall activity.
Security Management Server - AdminHelp v9.8 Log all blocked traffic to client activity log Check box Log all allowed traffic to client activity log Check box Enabled by default Logs all blocked traffic to the Firewall event log (FirewallEventMonitor.log) on the Endpoint Security Client. Disabled by default Logs all allowed traffic to the Firewall event log (FirewallEventMonitor.log) on the Endpoint Security Client. NOTE: Enabling this option might negatively impact performance.
Manage Policies Number of seconds (1-240) before TCP connections time out Number of seconds (1-300) before UDP and ICMP echo virtual connections time out Setting Up/down number selector Specifies the time, in seconds, that an unestablished TCP connection remains active if no more packets matching the connection are sent or received. The default number is 60; the valid range is 1–240.
Security Management Server - AdminHelp v9.8 Setting UI Control Description Description Name Text input field Specifies the descriptive name of the item. Status Check box Select Enable rule to make the rule active. Allow Block Treat match as intrusion Log matching traffic Allow - Allows traffic through the firewall if the item is matched. Actions Radio button/Check box Block - Stops traffic from passing through the firewall if the item is matched.
Manage Policies To add a network, click Add, then specify the following: Name - Specifies the network address name (required). Type - Select either Local Network or Remote Network. Specify Networks Button/Drop-down menu/text input field Click Add, then specify the following: Network type - Specifies the origin or destination of traffic. Select from the network types Single IP, Subnet, Local subnet, Range, or Fully qualified domain name IP address - Specifies the IP address to add to the network.
Security Management Server - AdminHelp v9.8 The MD5 hash of the process. Fingerprint String Enables or disables the digital signature check that guarantees code hasn't been altered or corrupted since it was signed with a cryptographic hash. Enable digital signature check Check box If enabled, specify: Allow any signature — Allows files signed by any process signer. Signed by — Allows only files signed by the specified process signer.
Manage Policies Escalation: LSASS Read Terminate Escalation: Zero Allocate Terminate Watch for New Files Selected Advanced Threat Events tab fields and filters The Advanced Threat Events tab displays information about events for the entire enterprise based on information available in the Dell Server. The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available. To access the Enterprise Advanced Threats tab, follow these steps: 1.
Security Management Server - AdminHelp v9.8 (confidence level), AV Industry conviction (links to VirusTotal.com for comparison with other vendors), Date first found, Data last found, SHA256, MD5, File information (author, description, version), and Signature details. Filter Events Table Data Click the Threat Filters dropdown list at the upper right side of the table to view data about events by Priority, Status: Last 24 Hours, and Status: Total.
Manage Policies 3. Select Safe to add the selected items to the safelist, or select Remove from list to remove the selected files from the Global Quarantine list. Manually Add File to the Global Quarantine list 1. Click Edit Global List. 2. Click Add File. 3. Enter the file's SHA256 hash number. (required) 4. Enter the file's MD5 number, if available. 5. Enter the file name, if available. 6. Enter the reason the file should be quarantined. 7. Click Submit.
Security Management Server - AdminHelp v9.8 Columns display the File name, Interpreter (PowerShell or ActiveScript), Last found, Drive type (such as internal hard drive), SHA256, Number of devices on which the script is found, and Number of occurrences that were blocked or triggered alerts. To filter column data, click the filter icon on a column header and select values to include or exclude.
Manage Policies Manage Enterprise Advanced Threats - Cylance Score and Threat Model Updates A Cylance score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the confidence level that the file is malware. The higher the number, the greater the confidence. Threat Model Updates The predictive threat model used to protect devices receives periodic updates to improve detection rates.
Security Management Server - AdminHelp v9.8 Identify Classifications To identify classifications that could impact your organization, Dell recommends the following approach: 1. Apply a filter to the New Status column to display all Unsafe, Abnormal, and Quarantined files. 2. Apply a filter to the Production Status column to display all Safe files. 3. Apply a filter to the Classification column to only show Trusted - Local threats.
Manage Policies Safelist a file from the global quarantine list Safelist the selected file from the Global Quarantine list to allow it to run on any device in the organization. 1. Select Global Quarantine (n). 2. Select a file. 3. Click Safe. Safe Safelisted files and certificates are permanently treated as safe across all devices. Any certificate that is safelisted will be a known safe certificate for the Advanced Threat Prevention tenant.
Security Management Server - AdminHelp v9.8 Note: You must upload a certificate in order for it to be available to safelist. For more information, see Manage Enterprise Advanced Threats - Certificate. Remove a certificate from the safe list 1. Select Safe (n). 2. Select Certificates (n). 3. Select the certificate you want to remove from the safe list. 4. Click Remove from List. Unassigned Unassigned files can be added to the global quarantine or safe list.
Manage Policies 1. Select Unassigned (n). 2. Click Add File. 3. Enter the file's SHA256 hash number. (required) 4. Enter the file's MD5 number, if available. 5. Enter the file name, if available. 6. Enter the reason the file should be safelisted. 7. Click Submit. Add the selected file to the Global Quarantine list to prevent it from being run on any device in the organization. Adding a file to Quarantine removes it from lists of Unsafe or Unassigned files. 1. Select Global Quarantine (n). 2.
Security Management Server - AdminHelp v9.8 Threats - Lists all threats discovered in your organization. This information includes File Name and File Status (Unsafe, Abnormal, Waived, and Quarantined). Devices - Lists all devices in your organization that have an Agent installed. This information includes Device Name, OS Version, Agent Version, and Policy applied. Events - Lists all events related to the Threat Events Graph on the Dashboard for the last 30 days.
Manage Policies 2. Save the policy changes, and Commit_Policies. 3. Using the Registry Editor on the client computer, go to HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop. 4. Right-click Desktop, click Permissions, then take ownership and grant yourself Full Control. 5. Right-click Desktop, then select New > Binary Value. 6. For the name, type CompatibilityMode. 7. Open the registry setting and change the value to 01. 8. Click OK, then close Registry Editor. 9.
Security Management Server - AdminHelp v9.8 Global Allow policy example
Manage Policies
Manage Policies rT..
Security Management Server - AdminHelp v9.8 • Memory of all running processes. • Files that the Windows Registry references. • Contents of the Windows folder. • Contents of the Temp folder. By default, the scanner scans all file types, regardless of extension. Access Protection – Prevents other computers from making a connection and creating or altering autorun (autorun.inf) files from CDs.
Manage Policies Low - This setting is the minimum recommendation for laptops or desktops and servers with a strong security footprint. This setting results in an average of 10-15 queries per day, per computer. Medium - Use this level when the regular risk of exposure to malware is greater than the risk of a false positive. This setting is the minimum recommendation for laptops or desktops and servers. Average of 20-25 queries per day, per computer.
Security Management Server - AdminHelp v9.8 Through the following policies, you can assign actions to implement when a user accesses a website or attempts a download, based on website ratings: Rating Action for Red Sites - Specifies the action to apply to sites that are rated Red. Default: Block. Rating Action for Yellow Sites - Specifies the action to apply to sites that are rated Yellow. Default: Warn. Rating Action for Unrated Sites - Specifies the action to apply to sites that are Unrated.
Manage Policies 7. To enable connections to the internal update server, select Enabled. To enable later, clear the Enabled check box. 8. In the Order field, set the sequence in which clients will contact the internal update server in relation to other update servers. Dell recommends that you set the Order for internal update servers to precede the Order for external update servers. 9. Select the type of repository or path to the update server: HTTP repository, FTP repository, UNC path, or Local path.
Security Management Server - AdminHelp v9.8 it. Additional policies impact Office documents. For more information, see Set Security Policies to Protect Office Documents in Windows. Neither is On Files are not protected. If opened, content displays in cleartext. Files are not protected. If opened, content displays in cleartext. The Dell Server automatically updates profiles of cloud storage providers. For more information, see Cloud Profile Update.
Manage Policies settings must match. Dropbox Encrypt Personal Folders Selected (Windows) Dropbox Encrypt Personal Folders Message (Windows) Help File Visible Selected Not Selected Selected encrypts personal cloud storage provider folders. String String You have added files to your Dropbox Message to display when Dropbox Encrypt Personal Folders is set to (Personal) folder. Do not add business Not Selected. This message is customizable by the Administrator. files to your Dropbox (Personal) folder.
Security Management Server - AdminHelp v9.8 Office Protected Documents Both Select one option or Both to use Data Guardian with mobile clients. If this policy is Off, Data Guardian is not enabled for mobile clients, regardless of other policies. Dropbox Allow and Audit Allow and Audit Allow and Protect Disallow Sets the status for Dropbox usage and protection. Box Allow and Audit Allow and Audit Allow and Protect Disallow Sets the status for Box usage and protection.
Manage Policies Selected prevents the user from logging in to the web client. External user edit permission Not Selected Selected Not Selected Selected allows external users to edit files within the web client. Main Title Image Choose File button Image or logo to display on the login page. Note: The image must be a .jpg of square dimensions with a maximum file size of 25 KB. If the image height and width dimensions are not equal, the displayed image is stretched.
Security Management Server - AdminHelp v9.8 clouds; this maintains ownership/control of all data encryption keys. The supported public cloud providers are Dropbox, Dropbox for Business, Box, SkyDrive, OneDrive for Business, and Google Drive. Cloud Encryption On (Windows and Mac) Toggle On to enable Cloud Encryption policies. If this policy is Off, no Cloud Encryption protection takes place, regardless of other policies.
Manage Policies desktop.ini by carriage returns. thumbs.db creddb.cef ~$* .~* ~*.tmp .DDPCE.attr *.lnk Server Polling Interval 360 minutes 1-1440 minutes (Windows and Mac) How often, in minutes, the client checks in with the Dell Server for updates. Default is 360 minutes (6 hours). Software Update Server URL String (Windows) Use this policy if software updates for users will be located at an alternate Server URL.
Security Management Server - AdminHelp v9.8 Toggle On to provide users with a menu option for protecting Office documents (.docx, .xlsx, .pptx, .docm, .xlsm, and .pptm). On also allows you to enable other Protected Office policies. If this policy is Off, no Office-protected formatting takes place, regardless of other policies. Note: Enabled only at the Enterprise level.
Manage Policies Documents. • Watermark - Export is disabled. See Protected Export. • Disabled - Export is disabled for protected Office documents. Users can export unprotected Office documents. Note: For Office 2010, see Save and Send. Office Protected Clip Board Unauthorized Text (Windows) Pasting of protected data is not allowed on this String to display when a user attempts to computer. Please contact your administrator for paste secure data from a protected assistance.
Security Management Server - AdminHelp v9.8 • Callback Beacon URL String The Callback Beacon URL policy is set. Specifies the URL to be used when the callback beacon is inserted into Officeprotected files. The URL must be externally available, hosted on an HTTP server that is installed as part of Front End Server/Proxy Mode installation. Port 8446 must be open.
Manage Policies How often, in minutes, the client checks in with the Data Guardian for updates. Default is 360 minutes (6 hours). Workspace Access 4 or 6 4 Application pass code (PIN) Required number of characters for Workspace PIN. 4 - 16 8 Set maximum failed login attempts Set action on maximum failed login attempts Timeout for 1 minute Define the number of PIN login failures. Then set the policy for action to take on the Workspace after the failed attempts.
Security Management Server - AdminHelp v9.8 Web Portal Portal This technology allows for files to be automatically encrypted prior to being uploaded to supported public clouds using a web-based client; this maintains ownership/control of all data encryption keys. The supported public cloud providers are Dropbox, Dropbox for Business, Box, SkyDrive, OneDrive for Business, and Google Drive. Office Protected Files Cover Page Acceptance Text String Text to be displayed on Office Protected File Cover Page.
Manage Policies • • Protected Office Documents policies have been enabled but the user has not yet installed or activated the Data Guardian. • User opens a protected Office document from the cloud. • User downloads a protected Office document to a device that does not have Data Guardian installed. Unauthorized users - The cover page displays, and the person cannot access the content.
Security Management Server - AdminHelp v9.8 5. • Opt-in mode (allows users the option to choose which Office documents to protect): Toggle the Protected Office Documents policy to On. • Force-Protected mode (ensures protection of all Office documents): • At the Enterprise level, toggle the Protected Office Documents policy to On. • At the Enterprise, Endpoint Groups, or Endpoints level, click Show advanced settings and select the Force Protected files only check box.
Manage Policies Open Save Save As Protected Save As Files open as usual. Files open as usual. Unprotected documents open in readonly mode. See Save and Protected Save As. User clicks Save: the file is protected. User clicks Save: the file is saved but not in protected mode. User clicks Save: the file is protected. Enabled for user - saves as unprotected Enabled for user- saves as unprotected Disabled for user - the only option is Protected Save As.
Security Management Server - AdminHelp v9.8 the File menu only if the Export Control policy is set to Watermark. with their name, domain name, and computer ID displays on each page. domain name, and computer ID displays on each page. Note: Export is disabled for the user. Note: Export is disabled for user. Save and Enabled for user Send (Office 2010) Enabled for user Note: To export to a PDF, the user can use the Print menu (if Print Control policy is set to Allowed) to print to a PDF.
Manage Policies 1. Log in to the Remote Management Console. 2. In Populations > Enterprise, under the Data Guardian technology group, click the Protected Office Documents policy group. 3. Toggle the Protected Office Documents policy to On. 5. Note: The Force Protected files only policy is not available for Mac. 4. At the Enterprise level, under Data Guardian, click Settings. 5. 6. Ensure the Allow Mac Data Guardian Activation check box is selected.
Security Management Server - AdminHelp v9.8 Policy Default Setting Description Windows Media Encryption This technology works on Windows computers using Dell Encryption External Media to encrypt data on removable devices, which can be accessed using a user-defined password. These policies allow configuration of the Encryption External Media password requirements and the removable media allowed. Windows Media Encryption Off This policy must be selected to use all other Removable Storage policies.
Manage Policies from the unencryptable external media, but write access to the media is blocked. If Windows Media Encryption is Off, then this policy has no effect and access to unencryptable external media is not impacted. See advanced settings Policy Default Setting Description Mac Media Encryption This technology works on Mac computers using Dell Encryption External Media to encrypt data on removable devices, which can be accessed using a user-defined password.
Security Management Server - AdminHelp v9.8 you have full read/write access to removable storage. If you choose not to encrypt removable storage and this policy is set to Read-Only, you cannot read or delete existing files on the unencrypted removable storage, but the Encryption client will not allow any files to be edited on, or added to, the removable storage unless it is encrypted.
Manage Policies • Windows Media Encryption • EMS Scan External Media • EMS Encryption Algorithm • EMS Exclude CD/DVD Encryption • EMS Data Encryption Key Advanced Removable Media Encryption A note about Removable Storage policies: Encryption External Media for Mac policies are device-based policies. This is different behavior than Encryption External Media for Windows, which are user-based. Policy descriptions also display in tooltips in the Remote Management Console.
Security Management Server - AdminHelp v9.8 colleague. Not selecting Roaming automatic authentication also promotes a sense of awareness from a security perspective for users that the data being written to that media is protected. Selected allows the user to access encrypted data on removable storage whether the endpoint is Dell-encrypted or not. EMS Access Encrypted Data on unShielded Device Selected More...
Manage Policies Protection\Encryption\EMS. 3. Find PNPDeviceID= and enter the applicable values, explained below. For example: 14.03.18 18:50:06.834 [I] [Volume "F:\"] PnPDeviceID = USBSTOR\DISK&VEN_SEAGATE&PROD_USB&REV_0409\2HC015KJ&0 Specify the following: VEN=Vendor; Green highlighted text represents the vendor's devices to be excluded PROD=Product/Model Name; Blue highlighted text also excludes all of Seagate’s USB drives; a value represented by green highlighted text must precede this value REV=Firmwa
Security Management Server - AdminHelp v9.8 8, 16, 32 EMS Access and Device Code Length 16 EMS Access Code Attempts Allowed 3 Number of characters access and device codes have. 32 characters is the most secure, while 8 is the easiest to enter. 1-10 Number of times the user can attempt to enter the access code.
Manage Policies -R#:\Notes -R#:\Photos You can also force encryption of specific file types in the directories above. Adding the following rules will ensure that ppt, pptx, doc, docx, xls, and xlsx files are encrypted in the directories excluded from encryption via the previous rules: ^R#:\Calendars ;ppt.doc .xls.pptx .docx.xlsx ^R#:\Contacts ;ppt .doc.xls .pptx.docx .xlsx ^R#: \iPod_Control ;ppt.doc .xls.pptx .docx.xlsx ^R#:\Notes ;ppt.doc .xls.pptx .docx.xlsx ^R#:\Photos ;ppt.doc .xls.pptx .docx.
Security Management Server - AdminHelp v9.8 release. Choose a key to be used by the Encryption client to encrypt all data encrypted by the Encryption External Media. EMS Alpha Characters Required in Password Selected Selected requires one or more letters in the password. EMS Mixed Case Required in Password Selected Selected requires at least one uppercase and one lowercase letter in the password. EMS Number of Characters.
Manage Policies We recommend that you customize the message to include specific instructions about how to contact the Help Desk or Security Administrator. Encryption rules to be used to encrypt/not encrypt certain drives, directories, and folders. A total of 2048 characters are allowed. "Space" and "Enter" characters used to add lines between rows count as characters used. Any rules exceeding the 2048 limit are ignored. See Encryption Rules for information. More...
Security Management Server - AdminHelp v9.8 Disabled, Enable Local, Enable Roaming EMS Automatic Authentication Local Local automatic authentication allows the Dell-encrypted media to be automatically authenticated when inserted in the originally Dell-encrypting computer when the owner of that media is logged in.
Manage Policies PNPDeviceID. Using the previous PNPDeviceID as an example, a space before and after the semicolon would cause neither of the substrings to be matched, because the space character is not part of the PNPDeviceID. Instructions... 1. Insert USB removable media. 2. Open System Profiler. 3. Under Hardware, select the USB device and find the Product ID and Vendor ID, as follows: Capacity:2.
Security Management Server - AdminHelp v9.8 Removable Media Policies that Require Logoff • Windows Media Encryption • EMS Scan External Media • EMS Encryption Algorithm • EMS Exclude CD/DVD Encryption • EMS Data Encryption Key Mac Encryption Mac Encryption Policy descriptions also display in tooltips in the Remote Management Console. In this table, master policies are in bold font.
Manage Policies Volumes Targeted for Encryption All Fixed Volumes System Volume Only All Fixed Volumes The System Volume Only setting secures only the currently running system volume. String - maximum of 1500 characters List fully qualified Policy Proxy hostnames, or IP addresses, separated by carriage returns. More... Once the Encryption client finds a valid entry, the remainder of the entries are ignored. Entries are processed in the following order: 1.
Security Management Server - AdminHelp v9.8 More... The Encryption client displays the restart prompt for five minutes each time. If the user does not respond to the prompt, the dialog is dismissed and next delay begins. If the five-minute timer expires and no restart delays remain, the computer will restart immediately.
Manage Policies Required, Optional Firmware Password Mode Required Specify if the firmware password in older hardware is optional or required for Dell Volume Encryption. Ignore, Report, Convert Specify behavior when volume is Dell encrypted and policy is for FV2 encryption. FileVault 2 Policy Conflict Behavior Ignore Ignore – Default behavior, Dell encrypted volumes are reported as protected if the policy requires FV2 encryption. Report – Conflicted volumes are reported to the Server as unprotected.
Security Management Server - AdminHelp v9.8 Windows Port Control This technology allows for control of all the physical ports on a Windows computer (disable/enable/bypass), and can be customized by port type. Port Control System Disabled Enable or Disable all Port Control System policies. If this policy is set to Disable, no Port Control System policies are applied, regardless of other Port Control System policies. All PCS policies require a reboot before the policy takes effect.
Manage Policies See advanced settings Advanced Port Control Policy descriptions also display in tooltips in the Remote Management Console. In this table, master policies are in bold font. Policy Default Setting Description Windows Port Control This technology allows for control of all the physical ports on a Windows computer (disable/enable/bypass), and can be customized by port type. CHILD of Class: Storage. Class: Storage must be set to Enabled to use this policy.
Security Management Server - AdminHelp v9.8 is disabled Blocked: Port is blocked from read/write capability This policy is endpoint-based and cannot be overridden by user policy. Port: PCMCIA Enabled Enable, Disable, or Bypass port access to PCMCIA ports. Port: Firewire (1394) Enabled Enable, Disable, or Bypass port access to external Firewire (1394) ports. Port: SD Enabled Enable, Disable, or Bypass port access to SD card ports.
Manage Policies such as Encryption client re-activation and forensic analysis. Enable In-App Feedback Not selected Server Polling Interval 360 minutes Custom Support Dialog String When selected, an end user can submit feedback and satisfaction ratings to Dell via a link within the client application to a web form. 1-1440 minutes How often in minutes the SED client attempts to contact the Dell Server for updates.
Security Management Server - AdminHelp v9.8 this policy is not selected, no Audit Control takes place, regardless of other policies. It also enables the collection of audit data from Data Guardian clients. See advanced settings Advanced Global Settings Global Settings policies are available at the Enterprise, Endpoint Groups, and Endpoints levels. All Global Settings policies are endpoint-based, meaning the policies follow the endpoint, not the user.
