Configure the Device Control Reboot Behavior Option

After the server module is installed, configure your Agent Policy Sets for Device Control. These settings determine how the Endpoint Security Agent handles the reboot that's required to complete installation of the Device Control endpoint module.

Agent Policy Sets are not the same as Device Control Policies. They are two different types of policies.

To Configure the Device Control Reboot Behavior Option:

  1. From the Endpoint Security Console, select Manage > Agent Policy Sets.


  2. Click the icon for an Agent Policy Set assigned to a user group that you want to use Device Control on.

    You may need to create/edit multiple Agent Policy Sets so that you can choose different options for different groups of endpoints.


    The Edit A Policy Set dialog opens.

  3. Scroll down to the Reboot Behavior Defaults section and set the Reboot behavior policy.

    What's the Reboot Behavior Policy?

    When you install the Device Control module on your endpoints (which you'll do later in Install the Endpoint Module), those endpoints require a reboot.
    The Reboot behavior policy lets you control how each endpoint handles this reboot. Reboots are disruptive, so Device Control offers three options for how to handle them:

    • Notify user, user response required before reboot
      This option prompts end users to reboot their system with no deadline, so they have time to save their work. We recommend using this option for desktop and laptop endpoints that employees use for productivity.
    • Notify user, automatically reboot with 5 minute timer
      This option prompts end users to reboot their system. However, this option imposes the reboot after 5 minutes. We recommend using this option for servers and other systems that you suspect might have someone working on them.
    • Don't notify user, wait for the next user-initiated reboot
      This option does not prompt a reboot, nor does it impose a reboot. Use this option when installing Device Control on unmanned endpoints like servers, ATMs, or kiosks that can be rebooted in a scheduled maintenance window.
  4. Scroll down to the Device Control section and set each of the DC policies.

    DC Install SK-NDIS Driver

    Agent Policy Sets contain a few other Device Control options, the most important being DC install SK-NDIS driver. SK-NDIS is a driver that lets Device Control access secondary network adapters such as Wi-Fi, Infrared, and Bluetooth devices. Whether you should enable or disable this option depends on your environment.

    • Use Install enabled if you want to prevent network bridging for wireless network adapters such as 802.11 or Bluetooth when an endpoint is connected to your network.
    • Use Do not install if you have servers that use multiple network adapters simultaneously, because installing the driver may disrupt endpoint network connectivity.

    If you don't know whether to enable this option, we recommend deploying Device Control to a few test machines that are representative of your organization's endpoints. You can then monitor these test machines to see if SK-NDIS causes issues.

    DC Detection Interval & DC Device Event Upload Interval

    These options:

    • Determine how often the Device Control endpoint module verifies its installation to the Endpoint Security Server.
    • Determine how often the Device Control endpoint module uploads device events to the Endpoint Security Server.
  5. After you finish configuring the Reboot Behavior Defaults policy and the Device Control policies, click Save.

  6. Edit any additional Agent Policy Sets that are applied to endpoint groups you're installing Device Control on.

Remember, since each Agent Policy Set is assigned to different endpoint groups, you need to figure out which Device Control options best suit each group.