How Location Properties Work

Each agent, on which the CPM client resides, receives a complete list of all the Actions deployed from the server through the various Tasks. The individual Agents check themselves against the list and create a short-list of only those Actions that apply to them. In the current example, relevance is determined by IP address. Configuration 1 is going to be deployed to all Agents, but only those Agents running on an endpoint with an IP address in the subnet defined for San Francisco will pick up the configuration. You will be able to see this self-selection at work when you create the second configuration and apply it to a different Location. One Action will be picked up by San Francisco endpoints and the other by German endpoints.

Agents remain in sync with new relevance expressions by frequently checking the server for updates. Agents also maintain a detailed description of themselves that may include hundreds of values describing their hardware, the network, and software.

In short:

  • First, define some locations.

  • Second, configure your scan, firewall, or URL filtering settings.

  • Next, save the settings to a Task and create an Action to target some given endpoints.

When you deploy the Task, the server converts the Action details into a relevance expression, which is sent to all Agents at the endpoints. Each Agent checks itself against the relevance expression and takes the Action required for every match found.

Creating the First Configuration and Task

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Configuration > Global Settings > Global Settings Wizard. The Global Settings Wizard screen opens.
  3. Enable Configure scan settings for large compressed files and enter the limits shown here:

    • Do not scan files in the compressed file if the size exceeds 2MB

    • Stop scanning after CPM detects 2 virus/malware in the compressed file.

  4. Click the Create Global Scan Settings Configure Task button. The Edit Task window opens
  5. Type a descriptive (or memorable) name for the Task such as, Skip 2MB-2.
  6. Click OK to close the windows. At the prompt, type your private key password and click OK to create the new global policy.
  7. The new policy now appears in the Configuration > Global Settings > Custom Tasks.

Creating the Second Configuration and Task

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Configuration > Global Settings > Global Settings Wizard. The Global Settings Wizard screen opens.
  3. Remove the check from Configure scan settings for large compressed files.
  4. Click the Create Global Settings Configuration Task button. The Create Task window opens.
  5. Type a descriptive (or memorable) name for the Task such as, Scan BIG.
  6. Click OK to close the windows. At the prompt, type your private key password and click OK to create the new global policy.
  7. The new policy now appears in the Configuration > Global Settings screen.

Making the Configurations Location-Specific

Procedure

  1. From the console menu, click Endpoint Protection on the bottom left pane.
  2. From the upper left navigation pane, go to Core Protection Module > Configuration > Global Settings > Custom Task > Skip 2MB-2 (the task you just created.)The Description window opens..
  3. Under the Actions heading, click the hyperlink to configure the policy settings. The Take Action window opens to the Target tab.
  4. Select All computers with the property values selected in the tree below.

  5. Next, click the All Computers tree and then By Retrieved Properties > By Subnet Address to open that branch.
  6. Choose the Location name you created for the San Francisco subnet in How Location Properties Work.
  7. With your location still selected, click the Execution tab.
  8. Remove any Constraints that you do not want to apply (such as a Start and End date), and in the Behavior section, make sure only the following option is enabled: Reapply this action... whenever it becomes relevant again.

  9. Click OK and then enter your password when prompted.
  10. Repeat this procedure for the second configuration and Task (choose Scan BIG from the Global Settings screen), and use the Location name you used for the Germany subnet.