Endpoint Security

The new Endpoint Security tool is a set of complementary features and settings that lets you secure and protect the managed devices on your network. You can restrict network connections for managed devices, restrict access to those managed devices by other types of devices, and use the Host Intrusion Prevention (HIPS) and Firewall tools to prevent unauthorized application operations.

Endpoint Security provides an impenetrable defense for all the protected devices within your LANDesk network and the perimeter of that network, as well as for mobile users. It provides complete control over access to and from those devices and over what is allowed to occur on them.

Although Endpoint Security is a consolidated single agent that is deployed to target devices, it is fully configurable and provides services for several security components.

The Endpoint Security components are:

With Endpoint Security you can define trusted locations (network connections) for managed devices, create settings for each of the Endpoint Security components listed above, and deploy those settings based on whether the device is inside the trusted network location or outside the trusted location.

As stated above, Endpoint Security is a single agent that enforces protection rules on managed devices and controls the functionality of each of the distinct security components. Endpoint Security has the flexibility to allow you to enable and configure the security components independently or in a coordinated deployment. For example, you can deploy HIPS protection only, or HIPS and Device Control (via their respective settings), or any other combination of security components.

This section describes how to enable Endpoint Security on your managed devices, and directs you to information about each of the encompassed Endpoint Security components.

Enabling and deploying Endpoint Security

Endpoint Security is enabled on managed devices with Endpoint Security settings.

Endpoint Security can be enabled on managed devices via the initial agent configuration. You can also use a change settings task to install or update Endpoint Security settings on target devices.

Creating Endpoint Security settings

To create Endpoint Security settings
  1. In the Security Configurations tool window, right-click Endpoint Security, and then click New.
  2. At the General settings page, enter a name for the settings, and then specify the general requirements and actions. For information about an option, click Help.
  3. If you want to manage network connections, select the Use location awareness option. When this option is selected, the Trusted location page is displayed. Also, by selecting this option, two separate groups are made available on the Security policies page, one for when the device is inside the trusted location and one for when the device is outside the trusted location. If location awareness is not enabled, only one policy group is needed.
  4. At the Security policies page, select which Endpoint Security components you want to deploy to target devices with the Endpoint Security settings.
  5. At the Trusted location page, define the allowed network connections (by IP address, IP range, or subnet).
  6. Click Save.

Once configured, you can deploy settings to target devices with an installation or update task, or a change settings task.

Endpoint Security settings help

Use this dialog box to create and edit Endpoint Security settings.

This dialog box contains the following pages.

About the Endpoint Security: General settings page

Use this page to configure location awareness (trusted network) and other access settings.

About the Endpoint Security: Policies page

Use this page to configure security policies for devices inside the trusted network and policies for devices outside the trusted network.

About the Endpoint Security: Trusted Locations page

Use this page to define trusted locations. A trusted location is made up of a collection of network addresses, by IP address, IP range, or subnet.
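
An added illustration, not LANDesk code: a Python sketch of the inside/outside decision that location awareness implies, matching a device address against trusted-location entries given as a single IP address, an IP range, or a subnet. The entry syntax (`a-b` for ranges, CIDR for subnets), the sample addresses, the function names, and the size threshold are assumptions; this page does not describe the product's own matching logic.

```python
import ipaddress

# Constructed sample trusted location: one entry of each kind the page names.
TRUSTED_LOCATION = ["10.20.0.0/16", "172.16.5.10-172.16.5.50", "192.0.2.25"]

def parse_entry(entry):
    """Return (first, last) for a single IP, an 'a-b' range, or a CIDR subnet."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return lo, hi
    if "/" in entry:
        # strict=True rejects subnets written with host bits set (likely typos).
        net = ipaddress.ip_network(entry, strict=True)
        return net.network_address, net.broadcast_address
    addr = ipaddress.ip_address(entry)
    return addr, addr

def policy_group(device_ip, trusted_entries):
    """Pick the policy group ('inside' or 'outside') for a device address."""
    addr = ipaddress.ip_address(device_ip)
    for entry in trusted_entries:
        lo, hi = parse_entry(entry)
        if lo.version == addr.version and lo <= addr <= hi:
            return "inside"
    return "outside"

def overbroad_entries(trusted_entries, max_hosts=65536):
    """Flag entries spanning more than max_hosts addresses for review.

    The threshold is an assumption: a very wide entry makes the
    inside-location policy group apply on more networks than intended.
    """
    flagged = []
    for entry in trusted_entries:
        lo, hi = parse_entry(entry)
        if int(hi) - int(lo) + 1 > max_hosts:
            flagged.append(entry)
    return flagged
```

Running `overbroad_entries` over a planned trusted-location list before saving the settings is a quick way to catch an entry that covers far more address space than the corporate network actually uses.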

What happens on a device configured with Endpoint Security components

This section describes how the Endpoint Security client appears on managed devices, what happens on end user devices when they are being protected by Endpoint Security, and the actions end users can take when a security violation is discovered.

Client interface and user actions

Once Endpoint Security has been deployed to managed devices, the client can be accessed through either the Start menu or the system tray icon.

NOTE: Administrator password protection
If the administrator has enabled the password protection option in the Endpoint Security settings, the correct password must be entered in order to access and use certain client features.

System tray icon

The system tray icon shows whether the HIPS component of Endpoint Security is running in learn mode or automatic blocking mode.

End users can right-click the icon to access its shortcut menu and select the following options:

End user actions

The client is displayed in a window that includes the following elements, where the end user can: