Endpoint Protection

 View Only

  • 1.  Can an integrity check be made completely invisible to the user?

    Posted Sep 21, 2018 11:31 AM

    I setup a host integrity check with notifications turned off, but machines that failed the check still have a SEP icon indicator and a warning message "Your computer failed its security compliance check.  Please see the Client Managemnet Security log for more information."

     

    Can an integrity policy be configured to provide no end-user visibility at all?



  • 2.  RE: Can an integrity check be made completely invisible to the user?

    Posted Sep 21, 2018 12:32 PM

    In the HI policy on the Advanced Settings tab there is the notifications section. All should be unchecked.



  • 3.  RE: Can an integrity check be made completely invisible to the user?

    Posted Sep 21, 2018 01:13 PM

    They are.  I'm looking at the host integrity policy that was applied, and under Advanced Settings/Notifications, all three boxes are unchecked.  



  • 4.  RE: Can an integrity check be made completely invisible to the user?
    Best Answer

    Posted Sep 21, 2018 02:14 PM

    Here's the answer (courtesy of support):

      Within every requirement within the host integrity policy you need to check "Allow the host integrity check to pass even if this requirement fails" - that box must be checked to prevent end-user notification in the form of the SEP systray icon changing and the warning in the SEP screen.  The back-end server will still get notified that elements of the policy have failed.

     

      I should note that this is not clear in the docs or the GUI.  The Notification section of the policy seems to be strictly to make custom notifications.  The product should make this clearer, if anyone in the product team is reading.  Thanks!