Right Click Operations

In this article Policy Menu Definitions Menu Search Menu Increase Priority Menu Decrease Priority Menu Edit Mode

Policy Menu

The Policy Menu item provides the ability to create, duplicate or delete a policy.

Create

Create a new System, User Default, or Scheduled Task policy to specify settings and search criteria for specified tags or endpoint(s). The policy type cannot be changed after it is created, but the Clone function can be used to assist with that task if necessary. Clicking Create displays the Policy Wizard set to the Policy tab.

Clone

Make a copy of the selected policy and specify the name as well as whether the policy should be a System, User Default, or Scheduled Task policy.

The policy type cannot be changed after it is created, but the Clone function can be used to assist with that task if necessary. The cloned policy includes the Settings and Search Locations of the original policy. To clone a policy, you must first highlight the policy name or the clone option is dimmed.

• Name: Enter the name of the new policy that will be created from selected policy. This is the name that displays in the policy list.
• Policy type: When cloning a policy, the type of policy can be set as System, User Default, or Scheduled task. The policy type cannot be changed after it is created.
  • System: A System Policy applies to all users and all searches on an endpoint. Users of the Agent software cannot modify a setting if that setting is defined in this policy. A setting defined in a System policy overrides the value of a setting in any other policy type. For example, if a setting is defined in a User Default policy and the same setting is defined in System policy with a different value, the System policy value is used as it is authoritative. A System policy is the only policy type that allows Global Ignore Lists to be assigned.
  • User Default: A User Default Policy Applies only the first time the Agent software is run on each endpoint (unless specific settings are configured in a System policy). The user is able modify their configuration for any setting defined in this policy. These policies are most commonly used to specify settings that are different than the internal application defaults, but that still allow the user to change those settings. User Default policies do not support the use of Global Ignore Lists or Scheduled Tasks.
  • Scheduled Task: A Scheduled Task policy applies only to the scheduled tasks defined within the policy itself. The policy is only effective during those scheduled searches that are part of this policy. If there is a System policy applied to the same endpoints as this policy, the System settings take precedence. Scheduled Task policies do not support the use of Global Ignore Lists.
• Description: Use this field to enter a description of the policy.
• Endpoint associations: Select Clone to include the list of endpoints to which the selected policy is applied. Select Don't Clone and the list of endpoints are not included on the cloned policy.
• Scheduled Tasks: Select Clone to include the list of Scheduled Tasks to which the selected policy is applied. Select Don't Clone (default) and the list of Tasks are not included on the cloned policy.

Delete

Permanently delete the selected policy. To delete a policy, you must first highlight the policy name or the delete option is dimmed. A confirmation dialog prompts you to ensure that you would like to delete the selected policy. Policy deletion is a permanent operation and cannot be undone. If an endpoint has already downloaded a policy for which you have selected Initiate Search, deleting the policy will not cancel that Search.

Definitions Menu

Export or import a policy definition in xml format. The policy definition contains the settings and search locations of the selected policy. The policy definitions can be exported as xml definitions files to be imported into another Console server. The most common scenario for exporting and importing policy definitions are to move policies from staging/test Consoles into production.

Import

To import policy definitions from an XML file and add the specified policy to the Policy List, select Import and then use the file selection dialog to locate the policy definitions xml file on disk.

A warning displays when importing a policy where selected SDTs and endpoints are imported and

1. An SDT is assigned that has a min endpoint version AND
2. An endpoint (or endpoint in an assigned tag) has a version less than the SDT min version.

• Name: Enter the name of the new policy that will be created from the imported XML file. This is the name that displays in the policy list.
• Policy type: When importing a policy, the type of policy can be set as System, User Default, or Scheduled task.
  • System: A System Policy applies to all users and all searches on an endpoint. Users of the Agent software cannot modify a setting if that setting is defined in this policy. A setting defined in a System policy overrides the value of a setting in any other policy type. For example, if a setting is defined in a User Default policy and the same setting is defined in System policy with a different value, the System policy value is used as it is authoritative. A System policy is the only policy type that allows Global Ignore Lists to be assigned.
  • User Default: A User Default Policy Applies only the first time the Agent software is run on each endpoint (unless specific settings are configured in a System policy). The user is able modify their configuration for any setting defined in this policy. These policies are most commonly used to specify settings that are different than the internal application defaults, but that still allow the user to change those settings. User Default policies do not support the use of Global Ignore Lists or Scheduled Tasks.
  • Scheduled Task: A Scheduled Task policy applies only to the scheduled tasks defined within the policy itself. The policy is only effective during those scheduled searches that are part of this policy. If there is a System policy applied to the same endpoints as this policy, the System settings take precedence. Scheduled Task policies do not support the use of Global Ignore Lists.
• Description: Use this field to enter a description of the policy.
• File: Select the XML file to import using the file selection dialog.
• Import All Settings: Any settings that exist in the policy definition should be explicitly set in the imported policy.
• Don't Import Default Settings: Only those settings that are different from the default values for the setting should be set in the imported policy.

Export

To export policy definitions to an XML file, select Export and specify the desired file name. To export a policy, you must first highlight the policy name of the policy to be exported or the export option is dimmed.

• Name: Enter the name to use when exporting the policy. This will be the filename of the exported XML file that is created.
• Policy Type: When exporting a policy, the type of policy can be set as System, User Default, Scheduled task or Local File.
  • System: A System Policy applies to all users and all searches on an endpoint. Users of the Agent software cannot modify a setting if that setting is defined in this policy. A setting defined in a System policy overrides the value of a setting in any other policy type. For example, if a setting is defined in a User Default policy and the same setting is defined in System policy with a different value, the System policy value is used as it is authoritative. A System policy is the only policy type that allows Global Ignore Lists to be assigned.
  • User Default: A User Default Policy Applies only the first time the Agent software is run on each endpoint (unless specific settings are configured in a System policy). The user is able modify their configuration for any setting defined in this policy. These policies are most commonly used to specify settings that are different than the internal application defaults, but that still allow the user to change those settings. User Default policies do not support the use of Global Ignore Lists or Scheduled Tasks.
  • Scheduled Task: A Scheduled Task policy applies only to the scheduled tasks defined within the policy itself. The policy is only effective during those scheduled searches that are part of this policy. If there is a System policy applied to the same endpoints as this policy, the System settings take precedence. Scheduled Task policies do not support the use of Global Ignore Lists.
  • Local File: A Local File policy is intended for local usage on the Spirion Enterprise Agent. The Spirion Enterprise Agent uses the Policy XML format for importing and exporting its configuration. The Agent's exported Policy XML is marked as Local File, though this XML file can be imported and targeted to a different policy type. Additionally, a policy in the Console can be exported for use as a configuration file specified on the command line at the Spirion Enterprise Agent.
• Passwords: To include passwords that you have entered in the selected policy for remote machines, databases and websites, place a checkmark in the box. The XML file is plain text and an unsecured file. Files saved in this format must be kept secure. If the box is left unchecked, passwords are not included in the XML file.
• Endpoints: Select Export to include the list of endpoints to which the selected policy is applied. Select Don't Export and the list of endpoints are not exported.
• Custom Folders: Select Export and any Custom Folders you have defined in the selected policy are included in the XML file. Select Don't Export and the Custom Folders are not exported.
• Remote Machines: Select Export and any Remote Machines you have configured in the selected policy are included in the XML file. Select Don't Export and the Remote Machines are not exported.
• Databases: Select Export and any Databases you have defined in the selected policy are included in the XML file. Select Don't Export and the Databases are not exported.
• Websites: Select Export and any Websites you have defined in the selected policy are included in the XML file. Select Don't Export and the Websites are not exported.
• SharePoint Sites: Select Export and any SharePoint Sites you have defined in the selected policy are included in the XML file. Select Don't Export and the SharePoint Sites are not exported.
• Exchange Servers: Select Export and any Exchange Servers you have defined in the selected policy are included in the XML file. Select Don't Export and the Exchange Servers are not exported.
• Custom Types: Select Export and any Sensitive Data Types you have applied to the selected policy are included in the XML file. Select Don't Export and the Sensitive Data Types are not exported.
• File Hashes: Select Export and any File Hashes you have defined in the selected policy are included in the XML file. Select Don't Export and the File Hashes are not exported.
• Cloud Storage: Select Export and any Cloud Storage providers you have applied to the selected policy are included in the XML file. Select Don't Export and the Cloud Storage providers are not exported.
• Google Gmail: Select Export and any Google Gmail accounts you have applied to the selected policy are included in the XML file. Select Don't Export and the Google Gmail accounts are not exported.
• Scheduled Tasks: Select Export and any Scheduled Tasks you have configured in the selected policy are included in the XML file. Select Don't Export and the Scheduled Tasks are not exported.
• Global Ignore Lists: Select Export and any Global Ignore Lists you have applied to the selected policy are included in the XML file. Select Don't Export and the Global Ignore Lists are not exported.
• Permissions: Select Export and any Permissions you have assigned to the selected policy are included in the XML file. Select Don't Export and the Permissions are not exported.

 

Search Menu

Initiate Search

You can directly initiate a search on all tags and endpoints to which the selected policy has been applied via the Search menu item. The Initiate Search menu item is enabled for System and Scheduled Task type policies only. If selecting Initiate Search from a System policy, the search uses the settings defined in that System policy and any other System Policies to which the endpoints in the selected policy belong. If selecting Initiate Search from a Scheduled Task policy, the search uses any settings defined in the selected Scheduled Task policy and all settings defined any System Policy to which the endpoints in the selected policy belong.

Cancel Search

Cancel Search does not stop a search that is currently running. Cancel Search removes any pending searches created by using the Initiate Search option. If the endpoint has already downloaded a policy that included the request to perform a search, you cannot cancel the search from the Console. The Cancel Search menu item is enabled for System and Scheduled Task type policies only.

Increase Priority Menu

Change the priority of the selected policy to be higher than the policy above it in the Policy List. The policy at the top of the list has the highest priority and the policy at the bottom of the list has the lowest priority. For any conflicting settings in policies that apply to the same endpoint, the setting from the policy with the higher priority is used. Note: The Increase Priority menu option is disabled when policies are sorted by name.

Increase Priority

Increases the priority of the selected policy to be higher than the policy above it in the policy list.

Move to Top

Moves the selected policy to the top of the policy list.

If another user has already changed the priority of the same policy, the following message displays: "The priority has not been changed because the list has been re-ordered in the meantime by another user." Please Refresh the Policy List to see the changes that the other user has made and then make your changes.

Decrease Priority Menu

Change the priority of the selected policy to be lower than the policy below it in the Policy List. The policy at the top of the list has the highest priority and the policy at the bottom of the list has the lowest priority. For any conflicting settings in policies that apply to the same endpoint, the setting from the policy with the higher priority is used. Note: The Decrease Priority menu option is disabled when policies are sorted by name.

Decrease Priority

Decreases the priority of the selected policy to be lower than the policy below it in the policy list.

Move to Bottom

Moves the selected policy to the bottom of the policy list.

If another user has already changed the priority of the same policy, the following message displays: "The priority has not been changed because the list has been re-ordered in the meantime by another user." Please Refresh the Policy List to see the changes that the other user has made and then make your changes.

Edit Mode

Change the state of the selected policy to edit (draft) mode. When in edit mode, changes to the policy are not applied to the endpoints. When exiting edit mode, the option is presented to save or discard any changes. If the changes are saved, the endpoints receive those changes the next time they poll, and a warning displays prompting save, discard, or cancel if the policy has the following:

1. An SDT assigned with a min endpoint version, AND
2. An endpoint (or endpoint in an assigned tag) has a version less that the SDT min version.