Management and Security

Agent settings: Compliance

Tools > Configuration > Agent Settings > Compliance

Compliance settings are a subset of the Distribution and Patch settings, and the help for those options is covered in Agent settings: Distribution and patch . These compliance settings are only used when a device does a compliance scan. A compliance scan only scans for the definitions found in the Compliance group.

To assign new compliance settings to devices
  1. In Tools > Configuration > Agent Settings > Compliance, right-click and click New.
  2. Change the compliance settings as necessary and click Save.
  3. Right-click your new compliance setting and click Create Scheduled Task.
  4. In the Change settings task, find the Compliance type and next to it select the new compliance setting.
  5. Finish configuring the task and schedule it to run.

About the Patch-only settings > Compliance settings page

Scanning
  • Frequently scan the compliance group: Select this option to set a compliance scan interval of your choice. The available intervals range from 30 minutes to 8 hours.
    • Scan only when a user is logged in
  • Scan after IP address change: Enabled by default.
    • Scan only when a user is logged in
  • Disable the frequent security scanner in agent configuration. In Configuration > Agent configuration, there's a Patch-only settings > Scan options > Frequent scan page. Selecting this disable option on the Compliance page overrides the settings on that agent configuration page.
Actions
  • Enable autofix: Defaults to enabled. Indicates that the security scanner will automatically deploy and install the necessary associated patch files for any vulnerabilities or custom definitions it detects on scanned devices. This option applies to security scan tasks only. In order for autofix to work, the definition must also have autofix enabled.
  • Immediately repair all detected items: Defaults to enabled. Indicates that any security risk will be automatically remediated.
  • Enforce 802.1x supported scan
If a virus cannot be removed or quarantined (Ivanti Antivirus only)
  • Immediately scan device for compliance
  • Perform network access control check to determine if device is unhealthy

 


Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other