Applying security policies to agents

You must apply at least one security policy to every agent group. Several secondary policies can also be added, and will apply when certain conditions are met.

You can add a conditional policy for mobile users, which applies when some workstations are no longer located within the internal corporate network. You could also define a quarantine policy that applies as soon as an agent's health indicators reach unsatisfactory levels.

To apply one or several security policies to an agent group:

  1. Go to the Policies tab in an agent group.
  2. Choose the main security policy that you want to apply to all agents in the group from the Policy drop-down list.

    A blank policy is offered in the drop-down list. When one is used, the protection of an agent group (except self-protection) can be temporarily disabled, for example for tests and troubleshooting.

  3. Click on Add a conditional policy if you need one, and give the policy a name.
  4. Choose the policy that will apply under certain conditions from the Policy drop-down list.
  5. Click on Add a condition and give the condition a name.
  6. Click on Add a test and choose from one of the following tests:
  7. Add other tests if necessary, and click on OK. The sequence of the tests does not matter because ALL tests must be validated before the condition can be met.
  8. Add other conditions if necessary. As soon as one condition is met, the corresponding policy will apply.
    Conditions apply in the order of their appearance.
  9. If you want to run a custom script every time the conditional policy is applied, click on Add a task. When the script is added, specify its path, arguments and where to run it.
    It is best to use Local service as this is an account with restricted privileges. Do not choose Interactive session or System accounts unless absolutely necessary.
  10. Under Triggers, select one or several events that will trigger the verification of conditions:
    • Enable Every to check conditions at the regular interval that you specify.
    • Enable Network event to check conditions whenever the network interface changes on the workstation, e.g., when it connects to a WiFi network, when a laptop is plugged into a docking station, etc.
  11. Click on OK. A summary of the conditions will appear in the Policies tab of the agent group.
  12. Arrange the conditions in the sequence of your choice using the arrows on the left. The sequence of conditional policies is important.

Example of a Quarantine conditional policy

Quarantining a workstation if its health indicators are unsatisfactory.

In this example, every 10 minutes, a script will run on the agents and check their health status. If an agent's results are unsatisfactory, the Quarantine policy will be applied to the agent and a second repair script will run. A quarantine policy isolates an agent by blocking, for example, its communications over the network and all removable devices, except those used by administrators.

Example of a Mobility conditional policy

Applying a specific policy for laptop computers.

In this example, every time a network event occurs on a workstation, SES Evolution will launch all the tests defined for this condition:
  • The workstation is not connected to its domain network,
  • The agent handler cannot be reached.

If the results of the tests are positive, the Mobility policy will be applied.
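
The evaluation rules described on this page (every test in a condition must pass, the first condition met decides, conditional policies are read from top to bottom) can be modelled as follows. This Python model is an added example, not SES Evolution code; the state keys, the test functions and the fallback to the main policy when no condition is met are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Condition:
    name: str
    tests: list                   # callables taking a state dict, returning bool

    def met(self, state: dict) -> bool:
        # ALL tests must pass; their order is irrelevant.
        # Choice made for this model only: a condition with no tests is never met.
        return bool(self.tests) and all(t(state) for t in self.tests)

@dataclass
class ConditionalPolicy:
    policy: str
    conditions: list              # Condition objects, in display order

def select_policy(main: str, conditionals: list, state: dict) -> str:
    # Walk the conditional policies top to bottom; the first met condition wins.
    for cp in conditionals:
        if any(c.met(state) for c in cp.conditions):
            return cp.policy
    return main                   # assumption: main policy applies when nothing matches

# Hypothetical tests mirroring the Mobility and Quarantine examples.
off_domain = lambda s: not s["on_domain"]
handler_unreachable = lambda s: not s["handler_reachable"]
unhealthy = lambda s: not s["healthy"]

MOBILITY = ConditionalPolicy(
    "Mobility", [Condition("roaming", [off_domain, handler_unreachable])])
QUARANTINE = ConditionalPolicy(
    "Quarantine", [Condition("bad health", [unhealthy])])

# Constructed sample workstation states.
OFFICE_PC = {"on_domain": True, "handler_reachable": True, "healthy": True}
OFF_DOMAIN_ONLY = {"on_domain": False, "handler_reachable": True, "healthy": True}
SICK_ROAMER = {"on_domain": False, "handler_reachable": False, "healthy": False}

if __name__ == "__main__":
    samples = (("office", OFFICE_PC), ("off-domain only", OFF_DOMAIN_ONLY),
               ("sick roamer", SICK_ROAMER))
    for order in ([QUARANTINE, MOBILITY], [MOBILITY, QUARANTINE]):
        names = [cp.policy for cp in order]
        for label, state in samples:
            print(names, label, "->", select_policy("Main", order, state))
```

In this model, placing Mobility above Quarantine means an unhealthy workstation outside the corporate network receives Mobility and is never quarantined, which is why the sequence deserves a review after each change.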