Security Configurations

The new Security Configurations tool provides a convenient single window where you can create and manage configurations for several LANDesk Security Suite components and services, as well as corresponding deployment tasks.

Security configurations (or settings) control how security services operate on managed devices. Security services and their associated settings can be deployed to your managed devices as part of the initial agent configuration, separate install or update tasks, and change settings tasks.

Security Configurations lets you create and manage settings for the following security services:

You can also perform security component tasks described in this chapter.

IMPORTANT: LANDesk Script Writers group permission required
In order to create scheduled tasks and policies in the Patch and Compliance tool and the Security Configurations tool (for security and compliance scan tasks, repair tasks, and change settings tasks), a user must have the LANDesk Script Writers group permission. In other words, they must belong to a group that has the LANDesk Script Writers permission assigned. For more information about role-based administration, see Role-based administration.

Using the Security Configurations tool

The Security Configurations tool window provides a convenient single interface that lets you manage settings and tasks for several security components and services.

Read the sections below to learn about:

Configuring antivirus definition downloads

The steps below provide a quick summary outline of the typical processes or tasks involved in implementing antivirus protection on your network with LANDesk Antivirus. For detailed descriptions for each of these procedures, see LANDesk Antivirus.

For more information about the specific task of downloading antivirus definitions, see Updating virus definition files.

Creating change settings tasks

The device default security settings are deployed as part of the initial agent configuration. At some point you may want to change these default settings on certain devices. The Security Configurations tool provides a way to do this without having to redeploy an entirely new and complete agent configuration.

To do this, click the Change settings task located in the Create a task toolbar button.

The dialog box that appears allows you to enter a unique name for the task, specify whether it is a scheduled task or policy, and either select an existing setting as the default or use the Edit button to create a new setting as the default for target devices.

About the Create change settings task dialog

Use this dialog box to create and configure a task that changes the default settings on target devices for Endpoint Security components.

With a change settings task you can conveniently change a managed device's default settings (which are written to the device's local registry) without having to redeploy a full agent configuration.

This dialog contains the following options:

About the Configure security component settings dialog box

Use this dialog box to manage your security components settings. Once configured, you can apply settings to agent configuration tasks, security components install or update tasks, and change settings tasks.

This dialog contains the following options:

Creating install or update security components tasks

If you want to install or update security components, you can do so as a separate task.

To create an install or update security components task
  1. In the console, click Tools > Security > Security Configurations.
  2. Click the Create a task toolbar button, and then click Install/Update security components.



  3. Enter a name for the task.
  4. Specify whether the installation is a scheduled task or a policy-based task, or both.
  5. Select the component you want to install. You can create new settings or edit existing settings by clicking Configure.
  6. If you want to display the installation progress in the security scanner dialog on targeted devices, select the Show progress dialog on client option.
  7. Select a Scan and repair setting from the list to apply its reboot configuration (only) to the agent configuration you're creating. You can create new settings or edit existing settings by clicking Configure. Keep in mind that only the reboot options specified on the Scan and repair settings you select are used by this agent configuration's Endpoint Security agent deployment to target devices. You can use existing Scan and repair settings that already includes the reboot configuration you want, or you can create brand new Scan and repair settings specifically for your agent deployment.
  8. Click OK.

About the Install or update security components task dialog box

Use this dialog box to create and configure a task that installs the security components (via the shared Endpoint Security agent) on target devices that don't yet have it installed, or updates the existing version of the security components on target devices.

NOTE: The installation is executed by the security scanner.

This task lets you conveniently deploy and update a managed device's security components (and associated settings) without having to redeploy a full agent configuration.

This dialog contains the following options:

List of third-party antivirus products that can be automatically removed

For the current list in the main LANDesk Antivirus section, see List of third-party antivirus products that can be automatically removed.

Creating remove security components tasks

If you want to remove security components from managed devices, you can also do that as a separate task from the console.

To create a remove security components task
  1. In the console, click Tools > Security > Security Configurations.
  2. Click the Create a task toolbar button, and then click Remove security components.
  3. Enter a name for the task.
  4. Specify whether the installation is a scheduled task or a policy-based task, or both.
  5. Select the component you want to remove.
  6. If you want to display the installation progress in the security scanner dialog on target devices, check the Show progress dialog on client option.
  7. Select a scan and repair setting from the available list to apply its reboot configuration to the task you're creating. You can create new settings or edit existing settings by clicking Configure. The task will use the selected scan and repair settings' reboot options ONLY, which determine reboot requirements and actions on target devices during agent removal.
  8. Click OK.

About the Remove security components task dialog box

Use this dialog box to create and configure a task that removes the security components from target devices.

This dialog contains the following options:

Creating LANDesk Antivirus tasks

The LANDesk Antivirus tool is described in a separate section. For detailed information about antivirus tasks, see LANDesk Antivirus.

Configuring alert settings

You can configure security-related alerting so that you can be notified when specific events are detected on managed devices in your system. Security Antivirus uses the standard LANDesk alerting tool.

The alert settings dialog contains options for both vulnerability alerting and antivirus alerting.

Antivirus alerting

Antivirus alert settings are found on the Antivirus tab of the Alert settings dialog.

You must first configure the antivirus alerts in the Alert Settings tool in the console. Antivirus alerts include:

The following antivirus events can generate antivirus alerts:

Select which alerts you want generated. The time interval option lets you avoid receiving too many alerts. More than one alert (for any antivirus trigger) during the specified time interval is ignored.

You can view the complete antivirus alert history for a device in its Security and Patch Information dialog box. Right-click a device, select Security and Patch Information, select the Antivirus type in the Type list, and then select the Antivirus History object.

Vulnerability alerting

For information on vulnerability alerting, see Using patch and compliance alerts.

Generating security authorization codes

Use this dialog box to create an authorization code that will allow an end user to perform a blocked operation for a brief period of time. You can use an authorization code to provide temporary access for a specific user or for an IT administrator to have access to a managed device.

For example, if a user attempts to connect a USB device that is not allowed by a Device Control settings, a pop-up message appears on the end user device that includes an operation code. The user would provide that operation code to the administrator, who uses it to generate an authorization code that is given back to the end user. This allows them to perform the action on a temporary basis.

To generate an authorization code
  1. In the Security Configurations tool, click the Common settings toolbar button, and then click Generate authorization code.
  2. Enter the operation code provided by the end user.
  3. If the operation code is valid, an authorization code is automatically generated.
  4. Enter the operation type that the end user wants to perform.
  5. Give the new authorization code to the end user. The user enters that authorization code when prompted in order to perform the blocked operation.

NOTE: Note about inaccurate pop-up message
When a user is given access via an authorization code, a pop-up message on the end user device may indicate that HIPS has been disabled regardless of the actual action taken by the user. This message can be ignored.

Using Windows Firewall settings

The Security Configurations tool also lets you create, configure, and deploy Windows Firewall settings to manage the Windows Firewall on target devices.

To create Windows Firewall settings
  1. Click Tools > Security > Security Configurations.
  2. Right-click Windows Firewall, and then click New.

Once configured, you can deploy settings to target devices with an installation or update task, or a change settings task.

About the Create Windows Firewall settings dialog box

Use this dialog box to configure Windows firewall settings. Windows firewall settings are associated with a change settings task to enable/disable the firewall, and configure firewall settings including exceptions, inbound rules, and outbound rules (for services, ports, and programs).

You can use this feature to deploy a configuration for the Windows firewall on the following Windows versions:

About the Windows Firewall (XP/2003): General page

Use this page to define firewall general settings.

About the Windows Firewall (XP/2003): Exceptions page

Use this page to configure firewall exceptions.

This dialog contains the following options:

Windows Firewall security threat definitions

LANDesk Security provides predefined security threat definitions that let you scan for, detect, and configure firewall settings on managed devices running specific Windows platforms. The following security threat definitions let you scan for and modify firewall settings:

The Windows Firewall security threat properties includes custom variables that let you configure Windows Firewall settings. You can use these security threat definitions to scan for your specified settings and return a vulnerability condition if those settings are not matched. You can then use the customized definition in a repair task in order to turn on or off the firewall as well as change or reconfigure the firewall settings on the scanned device.

About the Windows Firewall (Vista): General rules page

Use this page to configure firewall general rules.

About the Windows Firewall (Vista): Inbound rules

Use this page to configure firewall inbound rules.

About the Windows Firewall (Vista): Outbound rules

Use this page to configure firewall outbound rules.