Use custom variables and custom variable override settings

With custom variables, you can fine-tune security threat scanning by modifying one or more settings' values so that the scanner checks for conditions you define. The scanner then determines a device to be vulnerable only if that condition is met, meaning that the value you specified is detected.

Add and edit custom variables in Tools > Configuration > Agent settings > Variables.

Some system configuration security threat definitions have variable settings that you can change before including them in a security scan. Typically, antivirus definitions also have custom variable settings.

IMPORTANT: Edit Custom Variables right required
To edit custom variable settings, a Ivanti user must have the Edit Custom Variables role-based administration right. Rights are configured with the Users tool.

Every security definition with customizable variables has a unique set of specific values that can be modified. In each case however, the Custom Variables page will show the following common information:

Name: Identifies the custom variable. The name can't be modified.

Value: Indicates the current value of the custom variable. Unless the variable is read-only, you can double-click this field to change the value.

Description: Provides additional useful information about the custom variable from the definition publisher.

Default value: Provides the default value if you've changed settings and want to restore it to its original value.

To change a custom variable, double-click the Value field and either select a value if there's an available list, or manually edit the value, and then click Apply. Note that some variables are read-only and can't be edited (this is usually indicated in the description).

NOTE: Custom variable override settings
In some situations, you may want the scanner to ignore custom variable settings by using a feature called Custom variable override settings. You can specify that the scanner ignore certain custom variables when scanning devices so that the variables aren't detected as vulnerable and aren't remediated, even if they meet the actual conditions of a definition's detection rules. A user must have the Edit Custom Variables right to create or edit these override settings. You can create as many settings as you like, and apply them to devices using a Change settings task. For more information, see Agent settings: Custom variables to override.