Novell ZENworks Endpoint Security Management 3.5 用户手册
ZENworks® ESM 3.5
Administrator’s Manual
135
Integrity and Remediation Rules
ESM provides the ability to verify required software is running on the endpoint, and provides
instant remediation procedures if the verification fails.
instant remediation procedures if the verification fails.
Antivirus/Spyware Rules
Antivirus/Spyware Integrity checks verify that designated Antivirus or Spyware software on the
Endpoint is running and up to date, and can mandate immediate remediation, restricting a user to
specific updates until the endpoint is in compliance. It can also establish rules which will
automatically place non-compliant devices into a safe, customizable quarantine zone, preventing
infection of other users on the network by this endpoint. Once endpoints are determined
compliant by a follow-up test, security settings automatically return to their original state.
Endpoint is running and up to date, and can mandate immediate remediation, restricting a user to
specific updates until the endpoint is in compliance. It can also establish rules which will
automatically place non-compliant devices into a safe, customizable quarantine zone, preventing
infection of other users on the network by this endpoint. Once endpoints are determined
compliant by a follow-up test, security settings automatically return to their original state.
Note:
This feature is only available in the ESM installation, and cannot be used for UWS security policies.
Advanced Scripting Rules
Along with simple menu-driven integrity rule creation mechanisms, ESM includes an advanced
integrity rule scripting tool which gives administrators the ability to create extremely flexible and
complex integrity rules and remediation actions.
integrity rule scripting tool which gives administrators the ability to create extremely flexible and
complex integrity rules and remediation actions.
The scripting tool uses the common scripting languages VBScript or JScript to create rules which
contain both a trigger (when to execute the rule) and the actual script (the logic of the rule).
contain both a trigger (when to execute the rule) and the actual script (the logic of the rule).
The triggers or events that cause the execution of the rule include startup, location change, time
interval, time of day, adapter arrival or removal, media connect or disconnect, policy update,
process change, etc.
interval, time of day, adapter arrival or removal, media connect or disconnect, policy update,
process change, etc.