This document is intended for an audience that wants to implement only the basic functionality and protections provided by Ivanti Endpoint Security.
Endpoint Security Basic Protection
At its core, Ivanti Endpoint Security with basic settings within the Application Control sub-component can provide the following protections:
- Logging of security violations, stored on the core server
- Protection of the Ivanti client directories
- Protection of the Endpoint Security Client itself
- Protection against malicious processes running scripts
- Protection against malicious use of Windows FTP
- Isolation between scripts and Outlook email (other email executables can be added)
- Protection against scripts writing to the hard disk
- Protection against fake Windows processes
- Protection of the DNS host files
- The ability to add application-level buffer overflow protection (32-bit OS only)
- Kernel-level, rule-based file-system protection that restricts actions that executable programs can perform on specified files
- Windows Registry protection
- Ability to notify/remove programs added to the system startup
- Prevention of unauthorized SMTP use
- Kernel-level protection against application memory modifications
- Network filtering (Ivanti Firewall), preventing unauthorized network connections or unauthorized local servers
How to configure Endpoint Security basic protection
Configure the top-level Endpoint Security Settings
- Within the Configuration tool group, click on the Agent Configuration tool.
- Create a New Agent Configuration or Edit an existing Agent Configuration.
- In the Start section of the Agent Configuration, check the box next to Endpoint Security.
- Under the Distribution and Patch group open the Security and Compliance sub-group.
- Click on the Endpoint Security section and click Configure.
- Either create a New Endpoint Security Setting or Edit an existing Endpoint Security setting.
The following settings are recommended:
- Give the setting a descriptive name
- Add an Administrator password
- Uncheck the box to allow the Service Control Manager (services.msc) to stop the Ivanti Endpoint Security service.
- Select whether or not you want the Endpoint Security icon to show in the taskbar notification area.
Configure the Application Control settings
- Select the "Default Policy" section, check the box next to "Application Control", and click the "..." to the right.
- Create a New Application Control Setting or edit an existing one.
- Give the setting a descriptive name.
- Select the Mode Configuration and set the following settings:
- Make any other changes to the Agent Configuration as necessary and save it.
- Distribute the Agent to client computers.
Installing Endpoint Security on Agents that do not already have it installed
- Open the Security Activity tool within the Security and Compliance tool group.
- Select "Install/Update security components" within the "Create a Task" drop-down.
- Rename the task to "Install or Update Endpoint Security".
- Select the checkbox next to "Endpoint Security".
- Select an EPS setting that you want to set on the client, or leave it at "Keep agent's current settings", which uses the current settings if EPS already exists or the default settings if EPS is being installed for the first time.
- Click "Save".
At this point, a Scheduled Task is created that can be scheduled according to your preferences.