1.5 Endpoint Security Universe Objects

The following universe objects are used in ZENworks Control Center under the Endpoint Security component:

  • Endpoint Security: The reporting objects about Endpoint Security.

  • Endpoint Security Policies: The reporting objects about the Endpoint Security Policies.

    • Apply As Default Policy: Specifies whether this is a default policy.

    • Date Created: Date on which the policy was created.

    • Date Modified: Date on which the policy was modified.

    • Include Default Policy: Specifies whether the default policy is included.

    • Inherit Update Messages: Specifies whether the updated messages were received.

    • Is Deleted: Specifies whether the policy has been deleted from ZENworks.

    • Is End Point Security Policy: Specifies whether this is an Endpoint Security Policy.

    • Is Global Policy: Specifies whether this is a global policy.

    • Is Inherited from Hierarchy: Specifies whether this policy is inherited from the hierarchy.

    • Is location based: Specifies whether this is a location-based policy or not.

    • Is policy Enabled: Specifies whether the policy is enabled or not.

    • Is Sandbox: Specifies whether this is a sandbox version of the policy or not.

    • Latest Policy Version: Specifies whether this is the latest version of the policy or not.

    • Policy Description: The description of the policy.

    • Policy Folder: The path to the folder where the policy is located.

    • Policy Location: Location of the policy.

    • Policy Name: Name of the ZESM policy.

    • Policy Type: The type of policy. The values are ZESM Application Control Policy, ZESM Comm Hardware Policy, ZESM Data Encryption Policy, ZESM Firewall Policy, ZESM Location Assignment Policy, ZESM Security Settings Policy, ZESM Storage Control Policy, ZESM USB Connectivity Policy, ZESM VPN Enforcement Policy, and ZESM Wireless Policy.

    • Policy Version: Version of the policy.

    • Published: List only the published version of the policies.

    • Sandbox: List only the Sandbox version of the policies.

  • Effective Policy

    • Device ID: The device ID of an effective policy.

    • Timestamp: The timestamp for an effective policy.

  • Policy Specific Attributes: The specific attributes of the policy.

    • Application Control

      • Application Control List

        • ACL Order: Order of the Application Control List (ACL).

        • Application Control List Name: Name of the application control list.

        • Application Name: Name of the application.

        • Applications: Number of applications.

        • Default Behavior

          • No Execution: Blocks the application from executing and blocks a non-executable file from opening.

          • No Internet Access: Blocks the application from accessing the Internet.

          • No Restrictions: Clears the restrictions if any (No Execution or No Internet Access) from the application. This enables you to override any restrictions for the application that are received from another application control policy.

        • Description: The description of the application control list.

        • Is Enabled: Specifies whether the application control list is enabled or not.

      • Communication Hardware

        • Adapter Bridging: Bridging enables the device to act as a hub for accessing multiple network segments.

        • Allowed Communication Hardware: This hardware is allowed to communicate.

        • Disabled Communication Hardware: This hardware is disabled from communicating.

        • Hardware Type ID: An ID assigned to the hardware type.

        • Hardware with Global Settings: This hardware is configured with global settings.

        • Is Adapter Bridging Message Disabled: Specifies if adapter bridging is disabled.

        • Adapter Bridging Message

          • Display Text: Message of the adapter bridging.

          • Include Message Hyperlink: Specifies whether message hyperlink is included or not.

          • Link: The message hyperlink.

          • Message Body: Body of the adapter bridging message.

          • Message Title: Title of the adapter bridging message.

          • Parameters: The message link parameters.

        • Approved Adapters

          • Approved Dialup Adapters

            • Dialup Adapter Name: Name of the dialup adapter.

            • Dialup Adapters: Number of the dialup adapters.

          • Approved Wired Adapters

            • Adapter MAC Address: A MAC address of the approved wired adapter.

            • Adapter Name: Name of the approved wired adapter.

            • Approved Wired Adapters: Number of approved wired adapters.

          • Approved Wireless Adapters

            • Adapter MAC Address: A MAC address of the approved wireless adapter.

            • Approved wireless adapters: Number of approved wireless adapters.

            • Wireless Adapter Name: Name of the approved wireless adapter.

        • General Settings

          • 1394 (FireWire): Controls the IEEE 1394 FireWire bus.

          • Bluetooth®: Controls the Bluetooth access port.

          • Dialup: Controls the dialup adapters (modems).

          • IrDA®: Controls the infrared access port.

          • Serial and Parallel: Controls the serial and parallel communication ports.

          • Wired: Controls the wired network adapters. This setting is available only for location-based policies.

          • Wireless: Controls the Wi-Fi network adapters.

      • Data Encryption

        • Decryption

          • Is Policy Password Enabled for Decryption: Specifies whether the policy password is enabled for decryption or not.

          • Is Strong User defined Password Required: Specifies whether a strong user-defined password is required for decryption or not.

          • Is User defined Secondary Passwords Allowed: Specifies whether user-defined secondary passwords are allowed for decryption or not.

        • Removable Storage Devices

          • Copy Decrypt Tool to RSD: Specifies whether to copy a decrypt tool to a Removable Storage Device (RSD) or not.

          • Is RSD Encryption: Specifies whether encryption is enabled for RSD or not.

          • Is RSD Strong Password required: Specifies whether a strong password is required for RSD or not.

          • Is RSD User-defined Password enabled: Specifies whether user-defined password is enabled for RSDs or not.

          • RSD Encrypted Folder Name: An encrypted folder name of the RSDs.

        • Safe Harbor Encryption

          • Is Safe Harbor Encryption for Fixed Disks enabled: Specifies whether the safe harbor encryption for fixed disks is enabled or not.

          • Is Safe Harbor User Folders Allowed: Specifies whether safe harbor user folders are allowed or not.

          • Safe Harbour Folder Location: The location of the safe harbour folder.

      • Firewall

        • Default Behavior: The default behavior is applied to all ports and protocols unless it is overridden by a port, protocol rule, or an Access Control List (ACL). The possible default behavior is Stateful, Open, Closed, or Inherit.

        • Disable Windows Firewall and Register ZESM Firewall in WSC: Specifies whether the Windows firewall is disabled and the ZESM firewall is registered in WSC.

        • Port or Protocol Rules

          • Default Behavior: The default behavior is Stateful, Open, Closed, or Inherit.

          • Description: Description of the port or protocol rule.

          • Is Enabled: Specifies whether the port or protocol rule is enabled or not.

          • Name: Name of the port or protocol rule.

          • Port or Protocol Order: The sequential order of the port or protocol.

          • Port Type

            • End Range: Ending range of the port.

            • Port Type Order: The order of the port types.

            • Port or Protocol Type: The type of port or protocol.

            • Start Range: Starting range of the port.

          • Standard Access Control Lists

            • Allow 8021x: Specifies whether 802.1X is allowed or not. 802.1X is a port-based network access control that uses Extensible Authentication Protocol (EAP) or certificates.

            • ARP: Specifies whether Add or Remove Program (ARP) is allowed or not.

            • Ethernet Multicast: Specifies whether ethernet multicast is allowed or not.

            • ICMP: Specifies whether the Internet Control Message Protocol (ICMP) is allowed or not. ICMP is used by the operating system of network computers to send error messages.

            • IP Multicast: IP multicast is a method of sending Internet Protocol datagrams to a group of receivers in a single transmission.

            • IP Subnet Broadcast: Specifies whether the IP subnet broadcast ACL type (subnet broadcast packets) is allowed or inherited from the policy that is assigned higher in the policy hierarchy.

            • LLC: Specifies whether the Logical Link Control (LLC) is allowed or not.

            • SNAP: Specifies whether Subnetwork Access Protocol (SNAP) is allowed or not.

            • ZENworks Server: Specifies whether ZENworks service is allowed or not.

          • Access Control Lists

            • ACL Behavior: Behavior of the access control list.

            • ACL Order: The sequential order of the ACL.

            • Description: Description of the access control list.

            • Is Enabled: Specifies whether the ACL is enabled or not.

            • Is Port Rule Configured: Specifies whether the port rule is configured for the ACL or not.

            • Name: Name of the ACL.

            • Configured Port Rule

              • Default Behavior: Default behavior of the port rule.

              • Description: Description of the port rule.

              • Is Enabled: Specifies whether the port rule is enabled or not.

              • Name: Name of the port rule.

              • Port Types

                • End Range: The ending range of port type.

                • Port/Protocol Type: The type of port or protocol.

                • Start Range: The starting range of port type.

            • Address Types

              • Address Type: The type of network address (IP address or MAC address).

              • Address Type Order: The sequential order of the address type.

              • IP or Mac address: The network IP address or MAC address.

      • Location Assignment

        • Allow Manual Change: Specifies whether the manual change is allowed (Yes, No, or Inherited).

        • Display Message: Specifies whether the message should be displayed or not.

        • Is Default Location: Specifies whether this is a default location or not.

        • Location Name: Name of the location.

        • Show Location in Agent List: Specifies whether the location in the agent list must be displayed (Yes, No, or Inherit).

        • Custom Message

          • Display Text: Display text of the custom message.

          • Include Message Hyperlink: Specifies whether the message hyperlinks must be included in the custom message or not.

          • Message Body: In a Location Assignment Policy, the body of the message that is displayed when the location changes.

          • Message Hyperlink: In a Location Assignment Policy, the hyperlink that is displayed when the location changes.

          • Message Title: The title of the message.

          • Parameters: The custom message parameters.

      • Scripting

        • Script settings

          • Language: Language of the script. Possible values are JScript or VBScript.

          • Run As: The context in which the script runs. Possible values are system or user.

          • Script Content: Actual content of the script.

        • Trigger settings

          • Agent triggers

            • On Network change: Specifies whether the script is executed any time the agent detects a network change that could affect the location assignment.

            • On Network connect: Specifies whether the script is executed any time a network connection occurs. This could be a wired network that is detected after plugging in a network cable, a wireless network detected through an access point, or a network detected through a modem.

            • On Network disconnect: Specifies whether the script is executed any time a network might disconnect.

            • On policy enforcement: Specifies whether the script is executed any time this policy is enforced.

            • On security policy change: Specifies whether the script is executed any time the agent receives a change to any of the security policies (Firewall, Communication Hardware, and so forth).

          • Location triggers

            • Is Location trigger enabled: Specifies whether the location trigger must be enabled or not.

            • Is Manual change must: Specifies whether the change must be done manually.

            • Switching from location: Name of the location, from which the device is switching, after executing the script.

            • Switching to location: Name of the location, to which the device is switching, after executing the script.

          • Time triggers

            • Is Time trigger enabled: Specifies whether the time trigger is enabled or not.

            • Time interval (Days): Number of days after initial re-enforcement of the policy that is after executing the script. If the policy is changed and republished, the interval is restarted.

            • Time interval (Hours): Number of hours after initial re-enforcement of the policy that is after executing the script. If the policy is changed and republished, the interval is restarted.

            • Time interval (Mins): Number of minutes after initial re-enforcement of the policy that is after executing the script. If the policy is changed and republished, the interval is restarted.

      • Security Settings

        • Enable Client self-defense: Specifies whether client self-defense is enabled or not.

        • Enable Password Override: Specifies whether enable password must be overridden (Yes, No, or Inherit).

        • Enable Uninstall Password: Specifies whether uninstall password is enabled or not.

      • Storage control

        • Auto Play Access: Specifies whether the auto play access is provided to CD or DVD (Disable, Read-Write, Read-Only, Deny access, or Inherit).

        • CD or DVD Access: Specifies whether CD or DVD access is allowed (Disable, Read-Write, Read-Only, Deny access, or Inherit).

        • Floppy Drive Access: Specifies whether floppy drive access is allowed or not.

        • Is Preferred device list enabled: Specifies if the preferred device list is enabled or not.

        • Removable Storage Access: Specifies whether removable storage access is allowed (Disable, Read-Write, Read-Only, Deny access, or Inherit).

        • Preferred Device List

          • Comments: List of comments for the preferred device.

          • Default Device Access: The default access for this device.

          • Device Description: Description of the device.

          • Device Order: Preferred sequential order of the device in the list.

          • Device Serial Number: Serial number of the preferred device.

          • Enforcement: Enforcement for the device.

          • Name: Name of the preferred device.

      • USB

        • Default Devices Access: Default device access setting (Enabled, Disabled, or Inherit).

        • Human Interface Devices Access: Human interface devices access setting (Enabled, Disabled, or Inherit).

        • Mass Storage Class Access: Mass storage class device access setting (Enabled, Disabled, or Inherit).

        • Printing Class Access: Printing class device access setting (Enabled, Disabled, or Inherit).

        • Scanning or Imaging (PTP) Access: Scanning or Imaging device access setting (Enabled, Disabled, or Inherit).

        • USB Devices Access: Specifies whether a USB device access setting is enabled or not.

        • USB Device Access

          • Allowed USB Devices: Number of USB devices allowed to access.

          • BDC Device: The value of the BDC device to which the USB device belongs.

          • Blocked USB Devices: .

          • Device Access: Specifies whether the device access setting is enabled, disabled, or inherit.

          • Device Access Sequence: The device access sequence.

          • Device Class: Value of the device class to which the USB device belongs.

          • Device Protocol: Protocol used for this device.

          • Device Sub-Class: Value of the device sub-class to which the USB device belongs.

          • Friendly Name: Friendly name of the device.

          • Manufacturer: Manufacturer of the device.

          • Name: Name of the device.

          • OS Device Class: The device class of the operating system.

          • OS Device ID: Operating system device ID.

          • Product: The product name of the device.

          • Product ID: The product ID of the device.

          • Serial Number: Serial number of the device.

          • Vendor ID: The vendor ID of this device.

          • USB Version: USB version of the device.

      • VPN Enforcement

        • Switch to Location: Name of the switched location.

        • Trigger Locations Name: The trigger location name.

        • Connect Settings

          • Connect Command Link: Executable path of the VPN client, if the VPN client is automatically launched on detection of internet.

          • Connect Command Param: The connect command parameters.

          • Disconnect Command Link:

          • Disconnect Command Param: The disconnect command parameters.

          • Use Connect Command: The use connect command.

          • Use Disconnect Command: Specifies whether the use disconnect command is allowed or not.

          • Use VPN Message: Specifies whether the VPN message is allowed or not.

          • VPN Message

            • Display Text: The VPN message display text.

            • Include Message Hyperlink: Specifies whether the message hyperlink is included in the VPN message or not.

            • Link: The link in the VPN message.

            • Message Body: The body of the VPN message.

            • Message Title: The title of the VPN message.

            • Parameters: The link parameters in the VPN message.

      • Wi-Fi®

        • Ad Hoc connections: Specifies whether ad hoc connections are allowed or inherited for the policy.

        • Display message when min security not met: This message is displayed when the minimum security requirement has not been met.

        • Minimum Wi-Fi® security: Wi-Fi minimum security (No Encryption, WEP, WPA, WPA2, or Inherit).

        • Wi-Fi® connections:

        • Minimum Security Message

          • Display Text: Displays the text about the connect command link.

          • Include Message Hyperlink: Specifies whether a message hyperlink is included in the minimum security message or not.

          • Link: The link provided in the minimum security message.

          • Message Body: The body of the minimum security message.

          • Message Title: The title of the minimum security message.

          • Parameters: The link parameters of the minimum security message.

        • Wi-Fi® Access Points

          • Access Points Order: Order in which access points are maintained in the list.

          • Enforcement: Specifies whether the enforcement of the wireless access point is white list or black list.

          • Mac Address: MAC address of the wireless access point.

          • Name: Name of the wireless access point.

          • SSID: The Service Set Identifier (SSID) is controlled by the Wireless Access Point (WAP) for the network.

  • Zone Policy

    • Created Date: Date on which the zone policy was created.

    • Currently Active Zone Policy: List only the currently active zone policy.

    • Is Currently Effective: Specifies whether the zone policy is currently effective.

    • Modified Date: Date on which the zone policy was modified.

    • Path: The full path of the zone policy.

    • Policy Sequence: The sequence of the zone policy.

    • Zone Policy: Name of the zone policy. This provides the level of assignment for the zone policy setting.

  • Policy Assignments

    • Assignment Status: The assignment status of a bundle or policy to a device or a user.

    • Assignment Type: The type of assignment (bundle, policy, and so on).

    • Consumer Folder: Path to the device consuming an assignment.

    • Consumer LDAP ID: The User Source UID in the LDAP user source. This is used for getting detailed user information such as the user's name, email ID, phone number, and so on from reports created from the user source universe.

    • Consumer Name: Name of the device consuming an assignment.

    • Consumer Name Devices: Name of the consumer devices.

    • Consumer Name Users: Name of the users to which the policy assignment is done.

    • Consumer ZUID: A unique ID that identifies a user or device in the ZENworks environment.

    • Content Folder: Name of the folder holding the bundle or policy content.

    • Content Name: Name of the object holding the content - bundle, policy, and so on.

    • Content Parent Folder: Path to the parent folder for the assignment.

    • Content Parent Name: Name of the parent object holding the content - bundle, policy, and so on.

    • Content Server: Name of the content server associated with the assignment.

    • Content Server Folder: Path to the content server.

    • Content Server Type: The type of the content server.

    • Content Type: Type of content for an assignment.

    • Effective Date: The effective date indicates the date on which the policy was created.

    • Is Zone policy Assignment: Specifies whether this policy is assigned through the zone policy or not.

    • Replication State: The content replication status SYNCSTATE.