Policies

Policies allow collections of Rules and configuration settings to be saved for easier assignment to multiple computers.

The Policies page shows your existing Policies in their hierarchical tree structure. From the Policies page you can:

Create New Policies from scratch ()
Import Policies from an XML file () (located under the New menu.)

When importing policies, ensure that the system where you created the policies and the system that will receive them both have the latest security updates. If the system that is receiving the policies is running an older security update, it may not have some of the rules referenced in the policies from the up-to-date system.

Examine or modify the Details of an existing Policy ()
Duplicate (and then modify and rename) an existing Policy ()
Delete a Policy ()
Export a Policy to an XML file ()
When you export a selected Policy to XML, any child Policies the Policy may have are included in the exported package. The export package contains all the actual objects associated with the policy except: Intrusion Prevention Rules, Log Inspection Rules, Integrity Monitoring Rules, and Application Types.

Clicking New () opens the Policies wizard which will prompt you for the name of the new Policy and then give you the option of opening the Policy Details window. Clicking Details () displays the Policy Details window.

You can create a new Policy based on a Recommendation Scan of a computer. To do so, select a computer and run a Recommendation Scan. (Right-click the computer on the Computers page and select Actions > Scan for Recommendations). When the scan is complete, return to the Policies page and click New to display the New Policy wizard. When prompted, choose to base the new Policy on "an existing computer's current configuration". Then select "Recommended Application Types and Intrusion Prevention Rules", "Recommended Integrity Monitoring Rules", and "Recommended Log Inspection Rules" from among the computer's properties.

The Policy will consist only of recommended elements on the computer, regardless of what Rules are currently assigned to that computer.

To assign a Policy to a computer:

In the Vulnerability ProtectionDeep Security Manager, go to Computers.
Select your computer from the computers list, right click and choose Actions > Assign Policy.
Select the Policy from the hierarchy tree and click OK.

For more information on how to use Policies to protect your computers, see Quick Start: Protecting a Server.

For more information on how child Policies in a hierarchy tree can inherit or override the settings and rules of parent Policies, see Policies, Inheritance and Overrides.

After assigning a Policy to a computer, you should still run periodic Recommendation Scans on your computer to make sure that all vulnerabilities on the computer are protected. See Recommendation Scans for more information.