The following instructions assume that you are on the Configure Security Settings page in the Create New Security Settings Policy Wizard (see Creating Security Policies) or that you are on the Details page for an existing Security Settings policy (see Editing a Policy’s Details).
The ZENworks Endpoint Security Agent (referred to as the Endpoint Security Agent) is the ZENworks Agent module that manages and enforces security policies on a device. This panel lets you configure the security settings for the Endpoint Security Agent.
IMPORTANT:This policy is not used with the current Endpoint Security Agent. The Endpoint Security Agent’s security settings are no longer applied as a policy; instead, they are applied as ZENworks Agent settings (ZENworks Control Center > Configuration > Management Zone Settings > Device Management > ZENworks Agent).
This policy is retained to provide support for devices that are still running the ZENworks 11 or ZENworks 11 SP1 Endpoint Security Agent. Those versions of the agent continue to use the Security Settings policy.
Client Self Defense protects the Endpoint Security Agent from being shut down, disabled, or tampered with in any way. If a user performs any of the following activities, the device is automatically rebooted to restore the correct system configuration:
Using Windows Task Manager to terminate any Endpoint Security Agent processes.
Stopping or pausing any Endpoint Security Agent services.
Removing critical files and registry entries. If a change is made to any registry keys or values associated with the Endpoint Security Agent, the registry keys or values are immediately reset.
Disabling NDIS filter driver binding to adapters.
Select one of the following options:
Yes: Enables Client Self Defense.
No: Disables Client Self Defense.
Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherits this setting value from other Security Setting policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting value is inherited from any Security Setting policies assigned to the user’s groups, folders, or zone.
Client Self Defense does not prevent the Endpoint Security Agent from being uninstalled by the agent installation program. If you want to prevent users from removing the Endpoint Security Agent without permission, you must enable an uninstall password.
The uninstall password applies only when a user tries to uninstall the agent at the device. If you use the ZENworks Agent features (Configuration tab > Management Zone Settings > Device Management > ZENworks Agent) to uninstall the Endpoint Security Agent, the uninstall password is not used.
Select one of the following options:
Yes: Enables an uninstall password. To specify the password, click Change, specify and confirm the password, then click OK to save it.
No: Disables an uninstall password.
Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherits this setting value from other Security Setting policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting value is inherited from any Security Setting policies assigned to the user’s groups, folders, or zone.
Password Override lets you specify a password that overrides the device’s currently applied security policies. All policies revert to the Endpoint Security Agent’s default policies.
You should not distribute the password to users. Instead, you should use the Override Password Key Generator utility to generate a temporary password key (based on the override password) for a user who needs to override security policies. The password key functions the same as the override password with the added benefit that you can specify when the key expires.
Select one of the following options:
Yes: Enables an override password. To specify the password, click Change, enter and confirm the password, then click OK to save it.
No: Disables the override password.
Inherit: If the policy’s Inherit from Policy Hierarchy setting is enabled, inherits this setting value from other Security Setting policies assigned higher in the policy hierarchy. For example, if you assign this policy to a user, the setting value is inherited from any Security Setting policies assigned to the user’s groups, folders, or zone.