Deep Security 10.3 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Create policies to protect your computers and other resources
Policies allow collections of rules and configuration settings to be saved for easier assignment to multiple computers. You can use the Policy editorTo open the Policy editor, go to the Policies page and double-click the policy that you want to edit (or select the policy and click Details). to create and edit policies that you can then apply to one or more computers. You can also use the Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). (which is very similar to the Policy editor) to apply settings to a specific computer, but the recommended method is to create specialized policies rather then edit the settings in the Computer editor.
In this article:
- Create a new policy
- Other ways to create a policy
- Edit the settings for a policy or individual computer
- Assign a policy to a computer
- Immediately send policy changes
- Export a policy
- Click Policies > New > New Policy.
- Enter a name for the policy. If you want the new policy to inherit its settings from an existing policy, select a policy from the Inherit from list. Click Next.
For information on inheritance, see Policies, inheritance, and overrides.
- Select whether you want to base this policy on an existing computer's configuration and then click Next.
- If you selected Yes in step 3:
- Select a computer to use as the basis for the new policy and click Next.
- Specify which protection modules will be enabled for the new policy. If this policy is inheriting its settings from an existing policy, those settings will be reflected here. Click Next.
- On the next screen, select the properties that you want to carry into the new policy and click Next. Review the configuration and click Finish.
- If you selected No in step 3, specify which protection modules will be enabled for the new policy. If this policy is inheriting its settings from an existing policy, those settings will be reflected here. Click Finish.
- Click Close. Next, you can edit the settings for the policy, as described in Edit the settings for a policy or individual computer.
There are several ways to create a policies on the Policies page:
- Create a new policy as described above.
- Click New > Import From File to import policies from an XML file.
When importing policies, ensure that the system where you created the policies and the system that will receive them both have the latest security updates. If the system that is receiving the policies is running an older security update, it may not have some of the rules referenced in the policies from the up-to-date system.
- Duplicate (and then modify and rename) an existing policy. To do so, right-click an existing policy you want to duplicate and then click Duplicate.
- Create a new policy based on a recommendation scan of a computer. To do so, go to the Computers page, right-click a computer and select Actions > Scan for Recommendations. When the scan is complete, return to the Policies page and click New to display the New Policy wizard. When prompted, choose to base the new policy on "an existing computer's current configuration". Then select "Recommended Application Types and Intrusion Prevention Rules", "Recommended Integrity Monitoring Rules", and "Recommended Log Inspection Rules" from among the computer's properties.
The Policy will consist only of recommended elements on the computer, regardless of what Rules are currently assigned to that computer.
The Policies page shows your existing policies in their hierarchical tree structure. To edit the settings for a policy, select it and click Details to open the policy editor.
These sections are available in the Computer or Policy editorYou can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details).:
- Overview (the Overview section of the policy editor and Overview section of the computer editor sections are different)
- Configure malware scans
- Web Reputation settings
- Firewall settings
- Intrusion Prevention
- Integrity Monitoring
- Log Inspection settings
- Detect and configure the interfaces available on a computer
- Network engine settings
- Go to Computers.
- Select your computer from the Computers list, right click and choose Actions > Assign Policy.
- Select the policy from the hierarchy tree and click OK.
For more information on how child policies in a hierarchy tree can inherit or override the settings and rules of parent policies, see Policies, inheritance, and overrides.
After assigning a policy to a computer, you should still run periodic recommendation scans on your computer to make sure that all vulnerabilities on the computer are protected. See Manage and run recommendation scans for more information.
By default, any changes to a security policy are automatically applied to the computers that use the policy. You can change this so that changes need to be sent manually.
- Open the Policy editorTo open the Policy editor, go to the Policies page and double-click the policy that you want to edit (or select the policy and click Details). for the policy to configure.
- Go to Settings > General > Send Policy Changes Immediately.
- To immediately send changes, select Yes. To manually send changes, select No.
- Click Save to apply the changes.
To manually send policy changes, find affected computers on the Computers page, right-click them, and click Send Policy.
To export a policy to an XML file, select a policy from the policies tree and click Export > Export Selected to XML (For Import).