The Agent Policy Sets View

After creating agent policy sets, you can apply them to a group using the Agent Policy Sets view. From this view you can add or remove existing agent policy sets to or from the selected group. Additionally, you can create policy sets from this view. However, this view, unlike the Agent Policy Sets page, does not let you edit policy sets or view their details. This view is only applicable to agent policy sets.

For additional information about agent policy sets, refer to About Agent Policies and Agent Policy Sets.

The Agent Policy Sets View Toolbar

This toolbar allows you to manage Agent Policy Sets for groups.

Button	Function
Assign	Assigns an Agent Policy Set to the selected group and its child groups. For additional information, refer to Assigning an Agent Policy Set to a Group.
Unassign	Unassigns an Agent Policy Set to the selected group and its child groups. For additional information, refer to Unassigning an Agent Policy Set from a Group.
Create...	Creates an Agent Policy Set. For additional information, refer to Creating an Agent Policy Set (Groups Page).
Export	Exports the page data to a comma-separated value (.csv) file. For additional information, refer to Exporting Data. Important: The Enhanced Security Configuration feature for Internet Explorer suppresses export functionality and must be disabled to export data successfully. Pop- up blockers in Internet Explorer or other supported browsers may also suppress export functionality and should be disabled.
Options (menu)	Opens the Options menu. For additional information, refer to The Options Menu.

The Agent Policy Sets View List

This list itemizes all agent policy sets and policy details assigned to the selected group.

View the Agent Policy Sets View list from the Groups page. The following table describes Agent Policy Sets View list.

Column	Description
Action	The Unassign icon indicates the Agent Policy Set may be unassigned. You may use the Unassign icon to remove a policy set from the selected group. For additional information, refer to Unassigning an Agent Policy Set from a Group. The Unassign Disabled icon indicates the Agent Policy Set cannot be unassigned. The Unassign Disabled icon indicates the policy is inherited. An inherited Agent Policy Set can not be unassigned from the group.
Name	The name of the Agent Policy Set. You may select the Name column to sort the Agent Policy Set list.

Column

Description

Action

The Unassign icon indicates the Agent Policy Set may be unassigned.

You may use the Unassign icon to remove a policy set from the selected group. For additional information, refer to Unassigning an Agent Policy Set from a Group.

The Unassign Disabled icon indicates the Agent Policy Set cannot be unassigned.

The Unassign Disabled icon indicates the policy is inherited. An inherited Agent Policy Set can not be unassigned from the group.

Name

The name of the Agent Policy Set.

You may select the Name column to sort the Agent Policy Set list.

Assigning an Agent Policy Set to a Group

Assigning an Agent Policy Set to a group defines functional rules for the group.

Prerequisites:

Create an Agent Policy Set. Refer to Creating an Agent Policy Set (Groups Page) for details.

Assign Agent Policy Sets to groups from the Agent Policy Sets view.

Groups that do not have an associated Agent Policy Set assigned, use the Global System Policy. Refer to About Agent Policies and Agent Policy Sets for additional information.

From the Navigation Menu, select Manage > Groups.
From the View list, select Agent Policy Sets.
Select a group from the directory tree.
You may select a group that is either in the Custom Groups or Systems Groups hierarchy.
Click Assign.
The Select a Policy Set list becomes active.
Select an agent policy set from the Select a Policy Set list.
Click the Save icon () to save your changes.
The Select a Policy Set list closes and your policy is assigned.
The Cancel icon () cancels your changes and any edits are not saved.

The policy set is saved and associated with the group.

Unassigning an Agent Policy Set from a Group

When desired, you can unassign an Agent Policy Set from a group.

Prerequisites:

An Agent Policy Set is assigned. Refer to Assigning an Agent Policy Set to a Group for details.

Unassign the Agent Policy Sets to groups from the Agent Policy Sets view.

Groups that do not have an associated Agent Policy Set assigned, use the Global System Policy. Refer to About Agent Policies and Agent Policy Sets for additional information.

From the Navigation Menu, select Manage > Groups.
From the View list, select Agent Policy Sets.
Select a group from the directory tree.
You may select a group that is either in the Custom Groups or Systems Groups hierarchy.
Remove the desired policy sets. Use one of the following methods.

Method	Steps
To remove one Agent Policy Set:	Click the Unassign icon () associated with the Agent Policy Set you want to remove.
To remove multiple Agent Policy Sets:	Select the check boxes associated with the Agent Policy Sets you want to remove. From the toolbar, click the Unassign button.

An Unassign Disabled icon indicates you cannot remove an inherited Agent Policy Set. Instead, you must change the group policy inheritance setting or remove the inherited policy set from the parent group. Refer to Policy Inheritance in Editing Group Settings for additional information.

A dialog appears, prompting you to acknowledge the removal.

Click OK.
The selected policy set(s) are removed and the dialog closes.

The Agent Policy Set(s) are no longer associated with the group.

Creating an Agent Policy Set (Groups Page)

You can create agent policy sets from the Agent Policy Set view. Agent policy sets are collections of values that can be assigned to groups to regulate how agents behave.

When creating an agent policy set from the Agent Policy Set view, the created policy set will be immediately applied to the group selected in the directory tree.

From the Navigation Menu, select Manage > Groups.
From the View list, select Agent Policy Set.
Select a group from the directory tree.
You may select a group that is either in the Custom Groups or Systems Groups hierarchy.
Click Create.
The Create Agent Policy Set dialog opens.
Type the applicable information in the Policy Set Details fields.

Field Name	Type
Policy Set Name	The name of the Agent Policy Set.
Policy Set Description	A description of the Agent Policy Set (optional).

Define the Agent Hardening option.
These options define the steps required to delete an agent. For additional information, refer to About Agent Hardening.

Option	Description
Agent uninstall protection (list)	Select from the list to define whether the agent requires a password to be uninstalled. The default value is On.

Define the Agent Logging options.
The following table describes each option.

Option	Step
Logging level (button)	Click to open the Logging Level dialog. Use this dialog to select the agent logging level. For additional information, refer to Defining Agent Policy Logging Levels.
Maximum log file size (field)	Type the amount of disk space that triggers the agent to delete its log (1-500 MB). A value of 10 is the default setting.

Define the Ivanti Endpoint Security Agent Communication options. The following table describes each option.

Options	Step
Use HTTP for file download (list)	Select whether packages are downloaded using HTTP, regardless of whether HTTPS is used for communication between the agent and Ivanti Endpoint Security (True or False). The default value is True.
Send interval (list)	Select the amount of time that the agent should wait before sending an event to the Ivanti Endpoint Security server (0-5 seconds). A value of 2 seconds is the default setting.
Receive interval (field and list)	Type and select the amount of time that the agent should delay before reattaching events from the Ivanti Endpoint Security Server. This value cannot exceed seven days. A value of 0 seconds is the default setting.
Timeout interval (field and list)	Type and select the amount of time the agent should stay attached to the Ivanti Endpoint Security server before disconnecting (1 minute-7 days). A value of 12 hours is the default setting.
Heartbeat interval (field and list)	Type and select the amount of time between agent check-ins with the Ivanti Endpoint Security server (1 minute-1 day). A value of 15 minutes is the default setting.

Define the Ivanti Endpoint Security Agent Notification Defaults options. The following table describes each option.

Option	Description
Hide Agent Control Panel	This option controls whether the Agent Control Panel (and all associated dialogs and notifications) are hidden or accessible to an endpoint user after logging on (True or False). Note: This policy will not take effect until the agent is restarted. This policy can hide only the Ivanti Endpoint Security Agent for Windows. Agents installed on Linux, Unix, or Mac endpoints cannot be hidden. When set to True, endpoint users can still open the Agent Control Panel using Windows Control Panel. This policy cannot hide the Patch Agent or the Agent.
Show Alerts on Endpoint	This option control whether the associated dialogs and notifications for the Agent Control Panel are hidden or accessible to an endpoint user after logging on (True or False).

Option

Description

Hide Agent Control Panel

This option controls whether the Agent Control Panel (and all associated dialogs and notifications) are hidden or accessible to an endpoint user after logging on (True or False).

Note:

This policy will not take effect until the agent is restarted.
This policy can hide only the Ivanti Endpoint Security Agent for Windows. Agents installed on Linux, Unix, or Mac endpoints cannot be hidden.
When set to True, endpoint users can still open the Agent Control Panel using Windows Control Panel.
This policy cannot hide the Patch Agent or the Agent.

Show Alerts on Endpoint

This option control whether the associated dialogs and notifications for the Agent Control Panel are hidden or accessible to an endpoint user after logging on (True or False).

Define the Reboot Behavior Defaults option.
An endpoint module installation or feature may require an endpoint to restart (such as the Device Control module). This option defines how the reboot is performed.
1. From the Reboot behavior list, select a behavior:
  Notify user, user response required before reboot: All logged-on endpoint users must agree unanimously to a restart. After the final user agrees to the reboot it will start immediately.
  Notify user, automatically reboot within 5 minute timer: All users logged on to the endpoint are notified by a dialog that a restart will take place in five minutes.
  Don't notify user, wait for next user-initiated reboot: No dialog notifies users that a reboot is required, and the policy does not take effect until the next time the endpoint is rebooted.
Define the Patch Agent Communication options.
The following table describes each option.

Option	Step
Use SSL for agent to server communication (list)	Select whether the Patch Agent uses HTTPS when communicating with the Ivanti Endpoint Security server.
Use HTTP for package download (list)	Select whether files are downloaded using HTTP, regardless of whether HTTPS is used for communication between the agent and Ivanti Endpoint Security (True or False). The default value is False.
Agent Listener Port (field)	Select the agent listener port number. When the agent is contacted using this port, it responds with the agent version number and initiates communication with Ivanti Endpoint Security. The default value of 0 disables the agent listener.
Agent Scan Mode (list)	Select the mode that the Discover Applicable Updates (DAU) task runs in. These modes include: Normal: Performs the DAU task normally, which uses the least amount of resources. Initial Only: Performs the first DAU task in fast mode, but subsequent DAU tasks in normal mode. Fast Scan: Performs the DAU task faster, but uses more resources. The default value is Normal.
Communication Interval (field and list)	Type and select the interval (in minutes, hours, or days) between agent and Ivanti Endpoint Security communication (1 minute-1 day). The default value is 15 minutes.
Inventory Collection Options (button)	Click to open the Select Inventory Collection dialog. Use this dialog to select the inventory values for recording during agent scanning. For additional information, refer to Defining Inventory Collection Options.
Resume Interrupted Downloads (list)	Select whether the agent resumes interrupted downloads at the point of interruption (True or False). The default value is True.
Hours of Operation (button)	Click to open the Edit Agent Hours of Operation dialog. Hours of operation are based on agent local time, allowing for further definition of the agent start and end times. For additional information, refer to Defining Agent Hours of Operation.

[Optional] Define the Configuration Policies option according to context.

Context	Step
If defining this option for the first time:	Click the Define button adjacent to Security Configuration management.
If editing this option after it has been defined:	Click the Modify button adjacent to Security Configuration management.

The Configuration Policy Management dialog opens. For more information regarding defining configuration policies, see Uploading and Applying a Benchmark to a New Agent Policy Set.

Define the Ivanti Patch and Remediation Deployment Notification Defaults options.

Option	Step
User May Cancel (list)	Select whether the deployment recipient can cancel the deployment (True or False).The default value is False.
User May Snooze (list)	Select whether the deployment recipient can snooze the deployment (True or False). The default value is True.
Deploy Within (field)	Select the default time (in minutes) between the creation of the deployment and the deployment deadline (1-1440). The default value is 5 minutes.
Always On Top (list)	Select whether deployment notifications display as the topmost window (True or False). The default value is True. For additional information about the Always on Top policy, refer to About the Show on Top Option.

Define the Ivanti Patch and Remediation Reboot Notification Defaults.

Option	Step
User May Cancel (list)	Select whether the deployment recipient can cancel the reboot (True or False). The default value is True.
User May Snooze (list)	Select whether the deployment recipient can snooze the reboot (True or False). The default value is True.
Reboot Within (field)	Type the default time (in minutes) between the creation of the deployment and the reboot deadline (1-1440). The default value is 5 minutes.
Always on Top (list)	Select whether reboot notifications display as the topmost window (True or False). The default value is True. For additional information about the Always on Top policy, refer to About the Show on Top Option.

Define the Discover Applicable Updates (DAU) option.

Option	Step
Scheduling Frequency (field)	Type the frequency (in hours) of the DAU task (1-8760). The default value is 26 hours.

Define the FastPath Servers options.
For additional information, refer to About FastPath.

Option	Step
Interval (field and list)	Type the time interval (in minutes, hours, or days) between FastPath server validations (0 minutes-7 days). The default value of 0 disables the option.
Servers (button)	Click Define to open the Edit FastPath Servers dialog. Use this dialog to add FastPath servers. For additional information, refer to Adding/Editing FastPath Servers.

Define the Bandwidth Throttling options.

Option	Step
Maximum Transfer Rate (field)	Type the maximum amount of network bandwidth (in kilobytes per second), per endpoint that can be used by the agent for content download (0-1024). The default value of 0 disables bandwidth throttling.
Minimum File Size (field)	Type the threshold (in KB) at which a file will be managed by bandwidth throttling (0-1024). Files smaller than the defined value will not be managed by bandwidth throttling. The default value is 100.

Define the Power Management options (Ivanti Power Management only).
For additional information, refer to Power Management Policies.
Define the Device Control options.

Option	Description
DC install SK-NDIS driver (list)	Indicates whether Ivanti Endpoint Security installs a SK-NDIS on endpoints assigned the policy (Do not install or Install Enabled).
DC detection interval (field)	Indicates the detection interval (in minutes) that determines how often the endpoint verifies installation.
DC device event upload interval (field)	Indicates the reporting interval (in minutes) that determines how other the endpoint reports device events back to the server.
DC agent reboot behavior (Read-only text)	Indicates how reboots are performed following installation of the Device Control endpoint module. This behavior is defined using the Reboot behavior option. For additional information, refer to Creating an Agent Policy Set.

Define the AntiVirus option:

Option	Description
Delay AV definition distribution by (field)	Type the time interval (in hours, up to 23 hours) that the Ivanti Endpoint Security Agent is to delay requesting a new AntiVirus definitions file from the Application Server. The default value of 0 hours disables the option. Use this option to make time to test a new definitions file in a test environment before distributing it to agents (for example, to check for false positives that can negatively affect system functionality). Important: Delaying the download of important updates can make your environment vulnerable to new viruses or malware.

Option

Description

Delay AV definition distribution by

(field)

Type the time interval (in hours, up to 23 hours) that the Ivanti Endpoint Security Agent is to delay requesting a new AntiVirus definitions file from the Application Server. The default value of 0 hours disables the option.

Use this option to make time to test a new definitions file in a test environment before distributing it to agents (for example, to check for false positives that can negatively affect system functionality).

Important: Delaying the download of important updates can make your environment vulnerable to new viruses or malware.

Click Save.
Your agent policy set is saved and assigned to the selected group. You can also assign the agent policy set to other endpoint groups or edit the set.

Exporting Agent Policy Sets View Data

To export information displayed in the Agent Policy Sets view list to a comma separated value (.csv) file, click the toolbar Export button. Exporting data lets you work with that data in other programs for reporting and analytical purposes.

For additional information, refer to Exporting Data.