Policies Overview

 

The main way to manage devices via the Cloud Console is through policies, which are groups of security rules that determine how Business Agent and available services work on end devices in your network. In other words, policies provide all of the settings for the features/services installed on the endpoints. Any changes to a policy are applied to the devices and groups using that policy.

Accessing Policies

All created policies will be visible on the Policies page of the Cloud Console. There, you will be able to see the following information for each of your policies:

• Status: In use (applied to device(s)) or Unused (not applied to any devices)
• Policy name: Name of the policy and its description, if any. Clicking the name will open the policy's Detail drawer (see the Policy Settings section for more information).
• Type: Company policy
• Assigned/Overrides: The number of devices assigned to the policy, and the number of devices that override the policy individually in the device detail. Clicking the count will open the Assignments tab of the policy (see the Assignments section for more information).
• Last Modified: Last modified date/time (tooltip displays the exact date/time)

Also, a star icon will be displayed next to the default policy.

Policy Settings

All settings of a policy can be accessed by clicking the policy's name, which will open its Detail drawer, split into four main tabs:

• Overview
• Settings
• Exclusions
• Assignments

A single policy contains settings for Windows workstations and Windows servers, so you do not need to have separate policies for each operating system. This enables you to configure settings for a device group that contains multiple OS types at once.

Note, however, that some policy settings are not available for all operating systems - the OS icons displayed next to each section and setting will inform you which OS a setting can be applied to.

Overview Tab

This tab provides some brief details about the policy: description (editable), type, time of creation and of last update, name of the user who created/updated it, and template type used for its creation (AVG recommended policy for workstations, AVG recommended policy for servers, or an existing policy).

Settings Tab

Detailed settings for the Business Agent and each service available in the account are found here, divided into several tabs:

• General
• Antivirus
• Firewall
• Patch Management

Only the settings related to the services you are subscribed to will be shown (e.g. the Patch Management tab will be hidden if your subscription does not include the Patch Management service).

General

• Restart Options: Select when to restart endpoint devices between only when needed by the Antivirus or Patch Management service, automatically, when user logs off, or not at all. For more information on these options, see Configuring Automatic Restarts.
• Proxy Settings: Set up HTTP or SOCKS v4 proxy when a network uses proxies for end devices (see Configuring Proxy Settings for Devices).

Antivirus

• General Settings: Set up version switch (available for beta-enabled accounts only), UI protection, silent mode, reputation services, AVG tray icon, scanning of external drives, CyberCapture, and hardened mode (see General Antivirus Settings). In this section, you can also modify privacy settings of endpoint users (see Configuring Privacy Settings in Cloud Console).
• Antivirus Scans: Set the frequency of quick and full system Antivirus scans (see Scheduling Antivirus Scans).
• Updates: Select either automatic or manual updates for your virus definitions and Antivirus program (see Configuring Virus Definitions and Antivirus Program Updates).
• Troubleshooting: Enable or disable the anti-rootkit monitor, AVG self-defense module, limited program access for Guest accounts, hardware-assisted virtualization, delayed AVG startup, LSA protection, debug logging, or enter the details for your mail ports (see Troubleshooting Features in Cloud Console).
• Antivirus Protection: Enable, disable, and configure settings for the main protection components (follow the links under Configuring Components in Component Overview for more information)
• Data Protection: Enable, disable, and configure settings for Data Shredder, Exchange Shield, or SharePoint Shield.
• Identity Protection: Set up Password Protection.

Firewall

• Networks: Select the firewall profiles for undefined network connections, and define networks (see Firewall Network Settings).
• Firewall rules: Set the various Firewall System Rules, Firewall Application Rules, and Firewall Advanced Packet Rules.
• Advanced: Enable or disable Leak Protection, Port Scan Alerts, and ARP Spoofing Alerts (see Advanced Firewall Features).

Patch Management

• Patch Scans and Deployments: Set the frequency of scans for missing patches, and whether or not to deploy m issing patches immediately, on a specific schedule, or manually (see Scanning Devices for Missing Patches).
• Other Settings: Select when to clear the local patch files on the end device (see Configuring Cache Clearance).

Exclusions Tab

This is the central area for exclusion configuration for all services where exclusions are possible.

• Antivirus exclusions: Specify paths to be excluded from either all scans and shields or specific shields only (see Configuring Antivirus Exclusions).
• Patch Management exclusions: Specify vendors/products to be excluded from patch deployment (see Configuring Patch Management Exclusions).

Assignments Tab

This section provides a list of devices to which the policy has been assigned, as well as information on whether any of them had their applied service settings overridden (see Overriding Inherited Policy Settings for more information). Via the + Assign policy button, you can apply the policy to additional devices.