Create or edit a remediation policy
In this topic, you will learn how to create and assign a remediation policy in Portnox™ Cloud.
To understand what policies are in Portnox Cloud, what types of policies are available, and how they work together with accounts and groups, read the following topic: What are policies in Portnox Cloud?
Remediation policies are automatic actions that Portnox AgentP performs on the device before granting it access to the network. Actions that AgentP performs are based on conditions that you define in the remediation policy in Portnox Cloud.
- In the Cloud portal top menu, click on the Policies option.
- In the Cloud portal left-hand menu, click on the REMEDIATION POLICIES tile.
- In the right-hand side pane, click on the Create a new Policy link to create a new policy.
Note: You can also click on the Edit link on the right-hand side of the selected line that represents an existing policy. The creation and editing processes are almost the same.
- In the Policy Name field, enter the name for the new policy and in the Policy Description field, enter an optional description.
- In the AGENTP section on the left-hand side, select the operating system to configure the actions for this operating system.
Each policy contains rules for all operating systems. If you do not configure a specific operating system, Portnox Cloud will use default settings for that operating system.
For a detailed description of all available actions, see the section Remediation policy actions below.
- In the right-hand side pane, configure the actions for the selected operating system.
- Repeat the above steps for other operating systems.
- To save your policy settings, click on the Save button on the bottom right of the page.
Result: You created or edited a remediation policy. You can now assign this policy to groups.
To assign policies to groups, see the following topic: Assign policies to a group.
Remediation policy actions
In this section, you will learn to configure all remediation policy actions for different operating systems.
- Antivirus Live Update: If the installed Portnox Cloud-supported antivirus application is not up to date, Portnox Cloud will perform a live update.
This action can be Immediate or on a Recurring schedule. If on a schedule, Portnox Cloud can perform the action with a configured Interval or on selected days of the week at a selected time (Daily).
- Antivirus Start: If Portnox Cloud detects that the installed Portnox Cloud-supported antivirus application is disabled, it will immediately enable it.
- Application removal: If the specified applications are installed, Portnox Cloud will remove them.
This action can be Immediate or on a Recurring schedule. If on a schedule, Portnox Cloud can perform the action with a configured Interval or on selected days of the week at a selected time (Daily).
- Click on the Add application link to enter the name of the application.
- Click on the Save button to save the name.
- Repeat if necessary for other application names.
- Bridging Disable: If Portnox Cloud detects that bridging is enabled on the device, it will immediately disable it.
- Firewall Start: If Portnox Cloud detects that the default/built-in firewall is disabled, it will immediately enable it.
- Internet sharing Disable: If Portnox Cloud detects that Internet sharing is enabled on the device, it will immediately disable it.
- Login Script: Portnox Cloud will execute the specified custom script upon user login.
- Click on the Run as user checkbox to enable it and execute the specified script from the user’s system account.
- In the Command line operation section, enter the 64-bit path, 32-bit path, and arguments.
- Periodic Script: Portnox Cloud will execute the specified custom script periodically.
This action can be performed with a configured Interval or on selected days of the week at a selected time (Daily).
- Click on the Run as user checkbox to enable it and execute the specified script from the user’s system account.
- In the Command line operation section, enter the 64-bit path, 32-bit path, and arguments.
- Process Terminate: If Portnox Cloud detects that specified processes are running on the device, it will immediately terminate them.
- Click on the Add process link to enter the name of the process.
- Click on the Save button to save the name.
- Repeat if necessary for other process names.
- Registry keys: If Portnox Cloud detects that specified required registry keys are missing in the operating systems, it will add them. If Portnox Cloud detects that specified forbidden registry keys are present in the operating systems, it will delete them.
This action can be performed with a configured Interval or on selected days of the week at a selected time (Daily).
- Click on the Add new registry key link to enter the details of the registry key.
- Select the operation mode: Preserve to preserve required registry keys or Delete to delete forbidden registry keys.
- In the Root field, select the registry key root.
- In the Key, Value name, and Value fields, enter relevant key and value information for the required registry key.
- In the Value type field, select the value type: None, Int, String, or Bytes.
- Click on the Add button to add the key.
- Repeat if necessary for other registry keys.
- Service/Daemon Restart: If Portnox Cloud detects that specified services/daemons are not running on the device, it will start them.
This action can be Immediate or on a Recurring schedule. If on a schedule, Portnox Cloud can perform the action with a configured Interval or on selected days of the week at a selected time (Daily).
- Click on the Add service link to enter the name of the service/daemon.
- Click on the Save button to save the name.
- Repeat if necessary for other service/daemon names.
- Service/Daemon Start: If Portnox Cloud detects that specified services/daemons are not running on the device, it will start them.
This action can be Immediate or on a Recurring schedule. If on a schedule, Portnox Cloud can perform the action with a configured Interval or on selected days of the week at a selected time (Daily).
- Click on the Add service link to enter the name of the service/daemon.
- Click on the Save button to save the name.
- Repeat if necessary for other service/daemon names.
- Service/Daemon Stop: If Portnox Cloud detects that specified services/daemons are running on the device, it will stop them.
This action can be Immediate or on a Recurring schedule. If on a schedule, Portnox Cloud can perform the action with a configured Interval or on selected days of the week at a selected time (Daily).
- Click on the Add service link to enter the name of the service/daemon.
- Click on the Save button to save the name.
- Repeat if necessary for other service/daemon names.
- USB peripheral Disconnect: If Portnox Cloud detects that specified USB peripherals are connected to the device, it will immediately disconnect them.
- Click on the Add device link to select a device type from a list.
- Click on the Save button to save the selected type.
- Repeat if necessary for other device types.
The list includes types of peripheral devices such as printers, scanners, cameras, card readers, and more.
Note: AgentP monitors USB connection/disconnection events even without this remediation policy active, but unless the policy is active, it does not report them to Portnox Cloud.
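To confirm on a Windows endpoint that the Registry keys rules described above have taken effect, a read-only PowerShell check such as the following can be used. It is an added example, not Portnox code, and it does not interact with AgentP; the rule entries, hive names, and key paths are constructed placeholders. It assumes that Preserve means the named value exists with the given data and that Delete means the named value is absent.

```powershell
# Constructed sample rules mirroring the policy fields (mode, Root, Key,
# Value name, Value). Full hive names are an assumption of this example.
$rules = @(
    [pscustomobject]@{ Mode = 'Preserve'; Root = 'HKEY_LOCAL_MACHINE'
                       Key = 'SOFTWARE\ExampleCorp\Baseline'; Name = 'Enforced'; Value = 1 }
    [pscustomobject]@{ Mode = 'Delete'; Root = 'HKEY_CURRENT_USER'
                       Key = 'SOFTWARE\ExampleCorp\Legacy'; Name = 'AutoStart'; Value = $null }
)

function Test-RegistryRule {
    param([Parameter(Mandatory)] $Rule)

    $path = 'Registry::{0}\{1}' -f $Rule.Root, $Rule.Key
    # A missing key or value name yields no object rather than an error.
    $item = Get-ItemProperty -LiteralPath $path -Name $Rule.Name -ErrorAction SilentlyContinue
    $present = $null -ne $item
    $actual = if ($present) { $item.($Rule.Name) } else { $null }

    # Join to text so Int, String and Bytes (byte[]) data compare the same way.
    $same = (@($actual) -join ',') -eq (@($Rule.Value) -join ',')

    $compliant = switch ($Rule.Mode) {
        'Preserve' { $present -and $same }
        'Delete'   { -not $present }
        default    { throw "Unknown mode '$($Rule.Mode)'" }
    }

    [pscustomobject]@{
        Mode = $Rule.Mode; Path = $path; Name = $Rule.Name
        Present = $present; Compliant = $compliant
    }
}

$results = $rules | ForEach-Object { Test-RegistryRule -Rule $_ }
$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduler or monitoring job flag drift.
if ($results.Compliant -contains $false) { exit 1 }
```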