Update Policy States
The Update Policy States service task is responsible for updating a policy's state across all endpoints. This service task is necessary to periodically reconcile any Resultant Set of Policy for endpoints.
Policy updates are usually applied to an endpoint at the next polling interval, but in some cases it may take longer to calculate the new policy and more than one polling interval may pass before the policy is applied to the endpoint. One way this can occur is when a policy has attachments, such as search locations or ignore lists, and these attachments need to be generated. If they have not been generated at the next polling interval, then the Agent makes another request at the next polling interval.
Some policy changes require the Update Policy States Service Task to run, in which case the endpoint does not update until the next time the Update Policy States Service Task is executed.
For example, you would need to run the Update Policy States Service Task in order for the policy to be recalculated if one of the following happened:
-
An endpoint, or the tag in which it exists, is added to another tag or removed from a tag.
-
An endpoint, or the tag in which it exists, is removed from a policy.
The Update Policy States Service Task also removes Search Now and Gather Data tasks that have a Current Status of 'Task Executed' from the Endpoint Status Detail Tasks tab.
The Update Policy States Task has the following options:
Field | Description |
---|---|
Information | This text field is used to provide a description of the purpose of the Update Policy States task being created and is only present to help users manage their tasks. |
Location | This option only displays if you have chosen to replicate your database prior to installation of the Console, but is disabled for this service task. |
Maximum task run time |
Specify the amount of time that the service task has to complete. For example, if you set the Maximum task run time to 5 minutes, after 5 minutes has elapsed from the time the service task first executes, the service job stops and its status shows as Aborted. The default setting is indefinitely. The following options are available:
|
This service task is scheduled by default to run hourly with a new installation of the Console.
Note: If an endpoint has only a single policy applied to it and that policy is removed, the policy settings will still be in effect for that endpoint until the Update Policy States service job is run and the endpoint polls the Console.