Before we begin with Custom HI Policy, let's first check what a Host Integrity Policy is in SEP.
Host Integrity, or HI, gives you the ability to define, enforce, and restore the security of clients to secure enterprise networks and data. You set up Host Integrity Policies to verify that clients attempting network access are running antivirus software, patches, hot-fixes, and other application criteria. You set up Host Integrity Policies to run on client computers at startup and periodically afterward.
Why Custom Requirements?
To begin with, custom requirements can be described as administrator-selected or administrator-defined criteria. We can write custom requirements to remediate any identified compliance issues. We may create a complex or a simple requirement script by using predefined selections and fields. The fields and lists that are available in the predefined requirement dialog boxes are available when you create custom requirements. However, custom requirements give you more flexibility. In custom requirements, you can add the applications that are not included in the predefined lists of applications. You can create subsets of predefined lists by adding each application individually.
Now let's take a look at Custom Host Integrity (HI) Policy using the "custom requirement logic".
We can write custom requirements by using script-like logic. These rules use the following logic from a list of predefined conditions and actions.
About the RETURN statement
You can add a RETURN statement to specify the overall Host Integrity result of the requirement. The RETURN statement includes the PASS keyword and the FAIL keyword. All custom requirements must include a RETURN statement at the end. Unlike a predefined requirement, a custom requirement must explicitly specify what the result of the Host Integrity check will be. In some cases, the evaluation of a set of conditions as being true should be interpreted as the custom requirement passing Host Integrity evaluation. In other cases, you may want the same evaluation to be interpreted as failing Host Integrity evaluation.
About the IF, THEN, and ENDIF statement
You can define the primary logic structure of a custom requirement by one or more IF, THEN, and ENDIF statements. An IF, THEN, and ENDIF statement defines a structure in which specific conditions are checked (IF), and the actions that are taken when those conditions are evaluated as being true (THEN). You can nest IF, THEN, and ENDIF statements to form more complex custom requirements. You must nest the IF, THEN, and ENDIF statements whenever one condition must be true before another condition can be evaluated.
About the ELSE statement
An IF, THEN, and ENDIF statement is limited to a set of conditions and a set of actions that are executed when the conditions are evaluated as being true. In many cases, you may need to specify one or more actions to be taken to perform a desired remediation action. You may add an ELSE statement to identify the actions to be taken whenever the specified conditions are evaluated as being false.
About the NOT keyword
You can use the NOT keyword to reverse the logical evaluation of a particular condition. After a condition has been added to the custom requirement script, you can right-click the condition and select Toggle NOT to reverse the logic of the condition. The use of the NOT keyword does not change the overall true and false evaluation of the IF statement. It reverses only the true and false state of a particular condition.
About AND, OR keywords
You can specify multiple conditions within an IF, THEN, and ENDIF statement; however, additional keywords must be added to accomplish this. Within any IF statement, you can add the AND and OR keywords to logically associate multiple conditions. The logical association of the conditions directly affects the overall true or false evaluation of the IF statement. If you use the AND keyword in an IF statement, all the conditions in the IF statement must be evaluated as true for the IF statement to be true. If you use the OR keyword, only one of the conditions in the IF statement must be evaluated as true for the IF statement to be true. When you specify multiple conditions, you must interpret the logical association of the conditions to anticipate what the correct true or false evaluation should be. The custom requirement script does not display the expression in a parenthesized format, but with nested keywords and nodes. The first expression always begins with the first condition specified, and continues as long as the same logical operator keyword is used. For example, you can use the OR keyword to associate three different conditions. As long as you use the OR keyword, all the conditions are contained within the same logical expression.
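To check how a requirement will evaluate before deploying it, the logic above can be modeled in a few lines of Python. This is an added example, not SEP's own syntax or engine: the classes, the condition names (av_installed, av_running, patch_installed) and the action names are hypothetical, and a change of operator is modeled by nesting one Group inside another.

```python
from dataclasses import dataclass, field

@dataclass
class Cond:                      # one condition node; negate models "Toggle NOT"
    name: str
    negate: bool = False
@dataclass
class Group:                     # conditions joined by one keyword, "AND" or "OR"
    op: str
    items: list
@dataclass
class If:                        # IF test THEN then [ELSE orelse] ENDIF
    test: object
    then: list
    orelse: list = field(default_factory=list)
@dataclass
class Return:                    # RETURN PASS or RETURN FAIL
    result: str

def truth(node, facts):
    if isinstance(node, Cond):
        return bool(facts[node.name]) != node.negate  # NOT flips this condition only
    return (all if node.op == "AND" else any)(truth(i, facts) for i in node.items)

def run(statements, facts, actions):
    for stmt in statements:
        if isinstance(stmt, Return):
            return stmt.result
        if isinstance(stmt, If):
            branch = stmt.then if truth(stmt.test, facts) else stmt.orelse
            result = run(branch, facts, actions)
            if result is not None:   # a RETURN inside the branch ends the requirement
                return result
        else:
            actions.append(stmt)     # a plain string stands for a remediation action

def evaluate(requirement, facts):
    actions = []
    result = run(requirement, facts, actions)
    if result not in ("PASS", "FAIL"):
        raise ValueError("requirement must end with RETURN PASS or RETURN FAIL")
    return result, actions

REQUIREMENT = [  # constructed sample; condition and action names are hypothetical
    If(Group("AND", [Cond("av_installed"), Cond("av_running")]),
       then=[If(Cond("patch_installed", negate=True), ["download_patch", Return("FAIL")])],
       orelse=["show_message", Return("FAIL")]),
    Return("PASS"),
]
```

Calling evaluate(REQUIREMENT, facts) with a dictionary of true/false client facts returns the Host Integrity result together with the remediation actions that would have run, and it raises an error for a script that can finish without reaching a RETURN.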