Configuring Host Checker Third-Party Applications Using Predefined Rules (NSM Procedure)

Host Checker comes pre-equipped with a vast array of predefined rules that check for antivirus software, firewalls, malware, spyware, and specific operating systems from a wide variety of industry leaders. You can enable one or more of these rules within a Host Checker client-side policy to ensure that the integrated third-party applications that you specify are running on your users’ computers in accordance with your specifications. For firewall and antivirus rules, you can specify remediation actions to automatically bring the endpoint into compliance.

To configure third-party applications using predefined rules:

  1. In the navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure Host Checker third-party applications using predefined rules.
  3. Click the Configuration tab and select Authentication > Endpoint Security > Host Checker. The corresponding workspace appears.
  4. Create a new policy or click an existing policy in the Policies section of the page.
  5. Click the tab that corresponds to the operating system for which you want to specify Host Checker options—Windows, Mac, Linux, Solaris and Windows Mobile. In the same policy, you can specify different Host Checker requirements for each operating system.
  6. Add and modify settings as specified inTable 65.
  7. Specify the support products or vendors for a system scan check.
  8. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 65: Configuring Host Checker Third-Party Applications Using Predefined Rules Details

OptionFunctionYour Action
Predefined Antivirus Rules

Rule Name

Specifies the name for Antivirus rule.

Enter the rule name.

Select Products

Specifies the support products or vendors for system scan check.

Select one of the following options:

  • Require any supported product—Specifies the software vendor’s product that is supported for the system scan check.
  • Require specific products/Vendors—Specifies the specific vendor for the system scan check.

Require any supported product from a specific vendor

Checks for any product (rather than requiring you to select every product separately).

Select the Require any supported product from a specific vendor to enable this feature.

Require specific products

Checks for specific products/vendors to define compliance by allowing any product by a specific vendor (for example, any Symantec product).

Select the Require specific products to enable this feature.

Enable Scan period check

Enables the System scan for the product.

Select the Enable Scan period check to enable this feature.

Successful System Scan must have been performed in the last: (days)

Specifies the days to perform the system scan.

Enter the days.

Consider this rule as passed if 'Full System Scan' was started successfully as remediation.

Passes the rule if system full scan starts successfully as remediation.

Select the Consider this rule as passed if 'Full System Scan' was started successfully as remediation. to enable this feature.

Enable virus definitions update check

Checks for the viral updates.

Select the Enable virus definitions update check to enable this feature.

Virus Definition files should not be older than (updates)

Specifies the update of client Virus definition files the client must use.

Enter a number between 1 and 10. For example: If you enter 1, the client must have the latest update. You must import the virus signature list for the supported vendor.

Monitor this rule for change in result

Continuously monitors the policy compliance of endpoints.

Select the Monitor this rule for change in result to enable this feature.

Enable Download latest virus definition files for all supported products

Allows you to download latest virus definition files for all supported products.

Select the Enable Download latest virus definition files for all supported products to enable this feature.

Enable Turning on Real Time Protection for all supported products

Enables turning on real time protection for all supported products.

Select the Enable Turning on Real Time Protection for all supported products to enable this feature.

Enable Starting of Antivirus Scan for all supported products

Scans supported products with antivirus scan.

Select the Enable Starting of Antivirus Scan for all supported products to enable this feature.

Selected Vendors tab

Selected Vendors

Allows you to select the specific vendors.

Select the vendor, and then click Add to move the vendor from the Non-members to the Members list.

Specific Products Selected tab

Specific Products Selected

Allows you to select the specific products.

Select the product, and then click Add to move the product from the Non-members to the Members list.

Selected Products tab

Product name

Allows you to select the product.

Select the product from the Product name drop-down list.

live-update

Allows live-update for the product.

Select the live-update option to enable this feature.

set-real-time-protection-on

Allows real-time protection for the product.

Select the set-real-time-protection on option to enable this feature.

start-scan

Starts the scanning process for the product.

Select the start-scan option to enable this feature.

Predefined Firewall Rules

Rule Name

Specifies the name for the firewall rule.

Enter the name.

Select Products

Allows you to select your firewall vendor(s) and product(s).

Select one of the following options from the drop-down list:

  • Require any supported product—Specifies the software vendor’s product that is supported for the system scan check.

  • Require specific products/vendors—Specifies the specific vendor for the system scan check.

Require any supported product from a specific vendor

Checks for any product (rather than requiring you to select every product separately)

Select the Require any supported product from a specific vendor to enable this feature.

Require specific products

Specifies specific products/vendors, and defines compliance by allowing any product by a specific vendor (for example, any Symantec product).

Select the Require specific products to enable this feature.

Monitor this rule for change in result

Continuously monitors the policy compliance of endpoints.

Select the Monitor this rule for change in result to enable this feature.

Turn on firewall for all supported products

Turns on the Firewall.

Select the Turn on firewall for all supported products to enable this feature.

Selected Vendors tab

Selected Vendors

Allows you to select the specific vendors.

Select the vendor, and then click Add to move the vendor from the Non-members to the Members list.

Specific Products Selected tab

Specific Products Selected

Allows you to select the specific products.

Select the product, and then click Add to move the product from the Non-members to the Members list.

Selected Products

Product name

Allows you to select the product.

Select the product from the Product name drop-down list.

turn-on-firewall

Turns on the Firewall for the product.

Select the turn-on-firewall option to enable this feature.

Predefined Malware Rules

Rule Name

Specifies the name of the Malware rule.

Enter the Malware rule name.

Monitor this role for change in result

Continuously monitors the policy compliance of endpoints.

Select the Monitor this role for change in result to enable this feature.

Selected Products

Allows you to select the products.

Select the product, and then click Add to enable this feature.

Predefined Spyware Rules

Rule Name

Enter the name for the spyware rule.

Enter the name.

Select Products

Allows you to select products or vendors

Select one of the following options from the drop-down list:

  • Require any supported product—Specifies the software vendor’s product that is supported for the system scan check.
  • Require specific products/vendors—Specifies the specific vendor for the system scan check.

Require any supported product from a specified vendor

Checks for any product (rather than requiring you to select every product separately).

Select the Require any supported product from a specific vendor option to enable this feature.

Require specific products

Specifies specific products/vendors, and defines compliance by allowing any product by a specific vendor (for example, any Symantec product).

Select the Require specific products option to enable this feature.

Monitor this rule for change in result

Continuously monitors the policy compliance of endpoints.

Select the Monitor this rule for change in result option to enable this feature.

Selected Vendors tab

Selected Vendors

Allows you to select the vendors.

Select the vendor, and then click Add to move the vendor from the Non-members to the Members list.

Specific Products Selected tab

Specific Products Selected

Allows you to select specific products.

Select the product, and then click Add to move the product from the Non-members to the Members list.

Selected Products

Product name

Allows you to select the product.

Select the product from the Product name drop-down list.

Predefined OS Checks Rules

Rule Name

Specifies the name for the OS Checks rule.

Enter the name.

OS Selections

Specifies the operating systems.

Select the operating system, and then click Add to move from the Non-members to the members list.

Related Documentation