I have a question about the policy configuration of EPP.
If I have activated the scheduled scan for a certain interval under "manual scans" and also activated the automatic check for updates in the software updater, do I also have to create an extra task under "automatic tasks" for this to work?
Or what is the difference to configure this in the tasks or directly in the config for scans/software updates?
Thanks in advance for your help!
- Every time you install with our software updater it also performs a scan before installation - so if you have a schedule for periodic installation you also end up scanning for missing updates.
- If you have selected "Scan automatically for missing updates" under the Software Updater section, then you don't need to create a separate automated task for further scanning. Generally this will result in a scan every day so you should be pretty well covered. As an alternative you can disable that setting and create an automated task if you want more control over the schedule (for example if your devices are running overnight you could create a task with @midnight schedule and also "Start when available" selected, this way all computers running at midnight would perform a scan at that time, and the rest would run it once they are started).
- For manual scans we will be migrating them completely to automated tasks. We'll try to do that automatically, but if you prefer you can create a task automatically and remove the old configuration already before we do it. If you keep both then you will end up with two scans which is probably not wanted.
- For firewall events, we currently only create security events for block events where the rule contains the selection to "send alert". For this reason I assume security events will only be generated based on our applied rules since it would be hard to apply the "send alert" setting to Windows rules.
- Email notifications are the main reason why security events is still marked as pilot (the other is export, but that is coming very soon). Basically we will be doing this, but unfortunately it looks like it won't happen during Q1.
Security Events will only be created based on specific rules defined in the profile, so not for "catch all". This is something we might reconsider in the future though (but I fear the volume of events would be significantly bigger than now).
Ok, all right, thanks for the help! Now all questions are solved :)
Manual scan has nothing to do with Software Updater.
Did you mean manual/automatic scan for Software Updater?
Perhaps it would be better if you can clarify what config you are trying to achieve, including some screenshots of which feature you are confused about.
Sorry for the late reply.
I will try to explain it in more detail.
When I create a policy for Windows devices, I can select to install updates automatically. And for the automatic installation, I am referred to the automated tasks. There I can create a task so that at a certain time the updates are installed. My question is now whether I have to create an extra task for the search for updates, because this task can also be created under automatic tasks. However, I have already turned on the automatic search in the configuration of the software updater. The same applies to the manual malware scan. I have activated the scheduled scan under the configuration of scheduled scans. However, I can create a task for this again under the automated tasks. Is it necessary to do both, or is it enough to set this in the respective product configuration?
Other questions that have now arisen are whether F-Secure creates an alert only for firewall events triggered by F-Secure firewall rules or also for rules that were allowed in the configuration from the default defender firewall.
The last question would be, do you know if it is also possible to get email alerts for events in the new security events pilot? I could not find a setting anywhere. The only thing I found was for infections. But I would also find it quite nifty to receive other useful events that the security events pilot captures via email (e.g. when real-time protection was disabled on a client or DataGuard blocked something...).
Sorry for the long text, but I hope my questions are now formulated a little clearer :)
Thank you very much for your answer. Now everything is a bit clearer.
I still have one question about the firewall. If I have only allow rules, but block all other rules, will events be created for events that are not allowed by the allow rules, so are also blocked? Because with the allow rules I can't specify what happens to things that don't match those rules...