Most policies in CloudRadial are based on a custom parameter that defines the criteria for exceptions. The following list defines the available policies and the associate parameter, as well as how the policy looks for exceptions.
Applications (Technical)
| Name | Description | Type | Parameter |
|
Applications |
|||
| Application Category Search | Ensures no applications are installed from a particular category. | Text | Category contains text. Ex: bloatware |
| Application Publisher Search | Ensures no applications are installed from a particular publisher. | Text | Publisher contains text. Ex: activision |
| Application Search | Ensures no applications are installed matching a particular name. | Text | Application contains text: Ex: itunes |
| Cloud Storage Search | Ensures no applications are installed that are flagged as Cloud Storage. | Cloud storage is a checkbox defined when editing applications. | |
Applications (Practical)
| Application Category Search |
| What does it do? Ensures no applications are installed from a particular category in the category column found in the software inventory list under Infrastructure > Software. |
| How does it work? Compares software inventory pulled by agent from machines to a table on the CloudRadial backend that labels software in particular categories (browsers, bloatware, etc). |
| Parameter use case? Flag categories of applications as policy violations, like bloatware. If an application is known to be bloatware but is showing up as blank on the category list, you can click on the item and hit "edit" to place it in a category yourself. |
| Application Publisher Search |
| What does it do? Ensures no applications are installed from a particular publisher in the publisher column found in the software inventory list under Infrastructure > Software. |
| How does it work? The agent looks at the publishers that are listed with each piece of software on a given machine and uploads them into a list in CloudRadial. |
| Parameter use case? Flag specific publishers, like game creators (Activision, Blizzard, etc) |
| Application Search |
| What does it do? Ensures no applications are installed matching a particular name found in the name column under Infrastructure > Software. |
| How does it work? The agent pulls the name of the software applications and lists them under the column - this one is a simple match on a case-by-case basis. |
| Parameter use case? Flag specific application directly, like iTunes or Spotify. |
| Cloud Storage Search |
| What does it do? Ensures no applications are installed that are flagged as "Cloud Storage" in the cloud storage column under Infrastructure > Software. |
| How does it work? Compares the applications pulled by agent from machines to a table on the CloudRadial backend that lists known cloud storage providers. |
| Parameter use case? Flag third-party and unauthorized cloud storage providers to prevent data leakage, like Dropbox or Box. If an application is known to be cloud storage but is showing up blank on the cloud storage list, you can click on the item and hit "edit" to define it as cloud storage yourself. |
Domains (Technical)
| Name | Description | Type | Parameter |
|
Domain |
|||
| Domain Expiration | Checks for upcoming domain expirations. | Num | Number of days until expiration. Ex: 30 |
| Certificate Expiration | Checks for upcoming website certificate expirations. | Num | Number of days until expiration. Ex: 14 |
Domains (Practical)
| Domain Expiration |
| What does it do? Checks for upcoming domain expirations that are listed under Infrastructure > Domains. |
| How does it work? If domain data is stored within Office 365, it'll get pulled in when you sync your tenant through. Otherwise, you can manually track domain data under Infrastructure > Domains and use that for this policy. |
| Parameter use case? Flag the number of days before domain expiration to keep domains up-to-date and accurate for clients. |
| Certificate Expiration |
| What does it do? Checks for upcoming certificate expirations that are listed under Infrastructure > Domains. |
| How does it work? SSL security certificates must be manually added by the MSP to track expiration data under Infrastructure > Domains, under the Certificates tab. The expiration date found for the domain is used that for this policy. |
| Parameter use case? Flag the number of days before certificate expiration to keep websites up-to-date and secure for clients. |
Endpoints (Technical)
| Name | Description | Type | Parameter |
|
Endpoints |
|||
| Administrator Restrictions | Checks to make sure no users have administrative access. | ||
| Antivirus - Third Party | Adds an additional set of threat intelligence analysis. | ||
| Antivirus Installed | Provides an important layer of protection for workstations. | ||
| Current OS Version | Checks workstation OS against valid list. Multiple versions are separated with a comma ','. | Text | Version contains text: Ex: windows 10 |
| Encrypted Hard Drive | Prevents unauthorized access to data even if the hard drive is removed. | ||
|
Free Space Available |
Ensures adequate space is available on hard drives. | Num | Free space percentage. Ex: 10 |
|
Managed by Intune |
Checks to make sure device is under Intune management. | ||
|
Monitor Count |
Checks for a minimum number of monitors. | Num | Number of monitors. Ex: 2 |
| Old Technology | Looks for workstations based on technology in excess of months specified. | Num | Number of months since processor release. Ex: 36 |
| OneDrive Desktop Mapping | Checks desktop folder is mapped to OneDrive. | ||
| OneDrive Documents Mapping | Checks documents folder is mapped to OneDrive. | ||
| OneDrive Pictures Mapping | Checks pictures folder is mapped to OneDrive. | ||
| Password Required | Checks for enabled user accounts not requiring a password. | ||
| Past Endpoint Lifecycle | Looks for workstations based on original ship date past the preferred lifecycle. | Num | Number of months past ship date. Ex: 36 |
| Personal OneDrive | Checks for active personal OneDrive account. | ||
| Real-time Antivirus/Antivirus - Vendor | Ensures approved antivirus is installed. | Text | Vendor name contains text. Ex: webroot |
| Recent OS Updates | Ensures the latest protections from threats. | Num | Number of days since last OS update to start flagging alerts: Ex: 45 |
| Screensaver Enabled | Ensures that workstations are secured with a screensaver for privacy. | ||
| Slow Performance | Looks for workstations that perform below 80% of current average PassMark(R) score. (i5-8350U) | Num | Passmark score of an average workstation. Ex: 8161 |
| Software Installed | Ensures that the specified application is installed on all workstations. | Text | Application name contains text: Ex: skype for business |
| Software Not Installed | Checks workstations to ensure specified application is not installed | Text | Application name contains text: Ex: spotify |
| System Memory | Checks to make sure the endpoint has the recommended amount of memory. | ||
| Version Not Installed | Checks workstations for a particular software and version based on parameter. Name and version are separated with a comma ','. | Text | Application name and version contains text: Ex: office 365 pro,16.0 |
| Warranty Coverage | If available, checks to see if workstation is under warranty coverage. Unknown is compliant. | ||
| Window Defender AV Update | Checks for a recent Windows Defender Antivirus update. | Num | |
| Windows Defender Enabled | Checks to make sure Windows Defender is enabled. | ||
| Windows Defender Full Scan | Checks for a recent Windows Defender full scan. | Num | |
| Windows Defender Quick Scan | Checks for a recent Windows Defender Quick scan. | Num | |
| Windows Defender Spyware update | Checks for a recent Windows Defender Spyware update. | Num | |
Endpoints (Practical)
| Administrator Restrictions |
| What does it do? Checks for enabled user accounts on a given endpoint that contain profiles with administrator access. |
| How does it work? Agent checks in with WMI running on local machines to see if it contains local profiles with admin permissions. If WMI reads that an account has admin access enabled, so will the CloudRadial agent. |
| Parameter use case? No parameter to set - automated to find any account with administrator permissions and flag it as an endpoint exception. |
| Antivirus - Third Party |
| What does it do? Looks for any antivirus solution besides Windows Defender, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "Protection" area. |
| How does it work? The agent scans Windows Security Center to detect third-party antivirus solutions, which it then reports back into CloudRadial and displays in the individual area. |
| Parameter use case? No parameter to set - automated to find anything besides Windows Defender. Will flag if nothing is found except for Windows Defender (or nothing at all). |
| Antivirus Installed |
| What does it do? Checks for an antivirus solution to be installed on the machine, even if it's just Windows Defender, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "Protection" area. |
| How does it work? The agent scans Windows Security Center to detect any active antivirus solutions from the Windows Security Center, which it then reports back into CloudRadial. |
| Parameter use case? No parameter to set - automated to find anything security protection at all. Will only flag if there's nothing active in the first place. |
| Current OS Version |
| What does it do? Checks the endpoint operating system version against a list. Multiple versions can be searched for in one policy given that they're separated with a comma (,) |
| How does it work? The agent is able to natively grab the OS from the endpoint's config to display the information under the "Overview" tab of Infrastructure > Endpoints (right under the endpoint's name at the top). |
| Parameter use case? Flag specific OS versions to keep infrastructures up-to-date on the latest and most updated OS versions. Input the version you want everyone to have - all other OS types will be flagged as a risk. Commonly, this should just be "Windows 10". |
| Encrypted Hard Drive |
| What does it do? Checks the drives connected to the endpoint for encryption, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "Storage" area. |
| How does it work? The agent pulls info from these drives and checks to see if it has Bitlocker Drive Encryption protection turned on. Even drives that are temporarily connected, such as unsecured USB drives, can cause this to fail. All drives must be encrypted for the endpoint to pass the encryption test - with the only exception being recovery drive partitions. If an unencrypted drive is plugged in at time of policy scan, it will fail. A rescan may help pass the test once the drive has been removed. |
| Parameter use case? No parameter to set - automated to find Bitlocker Drive Encryption for each reachable drive. |
| Free Space Available |
| What does it do? Checks the drives on the endpoint for the remaining space available, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "Storage" area. |
| How does it work? Reads the drives under "This PC" on the local machine and reports them back to CloudRadial. |
| Parameter use case? Flag the tolerable percentage of space remaining before the drives become at risk for data loss and drive failure. Example: If you want to allow drives to get 90% full before the policy fails for a given endpoint, set the parameter to 10 (no percentage sign needed). |
| Managed by Intune |
| What does it do? Checks to make sure device is under Intune management. |
| How does it work? |
| Parameter use case? Flags a machine if it does not show that it is not under Microsoft Intune Management; Microsoft Intune management adds additional protections for endpoints. |
| Modern Disk Storage |
| What does it do? Checks the storage on the endpoint to ensure it's using SSD storage displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Drives" area. |
| How does it work? Agent checks in with Windows Drive Optimizer and pulls back data reports into CloudRadial for which drives are spinning disk HDDs and SSDs. To pass this policy, all storage drives must be SSDs. |
| Parameter use case? No parameter to set - automated to find SSDs through the Windows Drive Optimizer. Will only flag if there's an HDD reported. |
| Monitor Count |
| What does it do? Checks for a minimum number of monitors. |
| How does it work? |
| Parameter use case? Flag when a user has less than 2 monitors. User productivity is enhanced when with more than one monitor. |
| Old Technology |
| What does it do? Looks for endpoint workstations that have processors older than a customizable amount of months to determine "old technology". Displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Details" area. |
| How does it work? Agent checks the processor from Windows processes and reports it to a backend table on CloudRadial that's kept up-to-date with processors and their release dates which puts out an approximate age in the same details field. The policy is checked against that. |
| Parameter use case? Flag the maximum number of months a processor could be out before you deem it as "old technology". Out-of-the-box, CloudRadial's policy is set for 3 years (36 months). Any processor that is detected to have been released prior to 3 years ago will be flagged as failing the policy. |
| OneDrive Desktop Mapping |
| What does it do? Checks the OneDrive folder is mapped to the desktop, displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Folder Storage Locations" area. |
| How does it work? Checks the file path of the OneDrive folder to ensure it's not directly on the desktop of a given user's endpoint with an additional business site link between them (commonly listed as C:\Users\SampleUser\OneDrive - Company\Desktop). |
| Parameter use case? No parameter to set - automated to find unmapped file locations to prevent unsecure saving practices and opportunities for data leakage and loss. Will flag if desktop is not set to backup under OneDrive mapping. |
| OneDrive Documents Mapping |
| What does it do? Checks the OneDrive folder is mapped to documents, displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Folder Storage Locations" area. |
| How does it work? Checks the file path of the OneDrive folder to ensure it's not directly linking to the documents on a given user's endpoint with an additional business site link between them (commonly listed as C:\Users\SampleUser\OneDrive - Company\Documents). |
| Parameter use case? No parameter to set - automated to find unmapped file locations to prevent unsecure saving practices and opportunities for data leakage and loss. Will flag if documents is not set to backup under OneDrive mapping. |
| OneDrive Pictures Mapping |
| What does it do? Checks the OneDrive folder is mapped to pictures, displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Folder Storage Locations" area. |
| How does it work? Checks the file path of the OneDrive folder to ensure it's not directly linking to the pictures of a given user's endpoint with an additional business site link between them (commonly listed as C:\Users\SampleUser\OneDrive - Company\Pictures). |
| Parameter use case? No parameter to set - automated to find unmapped file locations to prevent unsecure saving practices and opportunities for data leakage and loss. Will flag if pictures is not set to backup under OneDrive mapping. |
| Password Required |
| What does it do? Checks for enabled user accounts on a given endpoint that aren't actively requiring a password to login. |
| How does it work? Agent checks in with WMI running on local machines to see if it's flagging the password as turned on in a user-by-user basis. If WMI reads that a password is enabled, so will the CloudRadial agent. |
| Parameter use case? No parameter to set - automated to check with WMI for password required for accounts. Will flag if account is not set to use a password, according to WMI. |
| Past Endpoint Lifecycle |
| What does it do? Checks the computer's ship date, displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Details" area. |
| How does it work? At the time of writing, CloudRadial supports native ship date reporting for Dell, Lenovo, and Windows computers. The first-time log in date information is stored in such a way that the agent can make a call to check to see how long it's been since they've shipped. |
| Parameter use case? Flag the maximum number of months a computer can be shipped out before you deem it as "past the lifecycle". Out-of-the-box, CloudRadial's policy is set for 3 years (36 months). Any ship date that is exceeds 3 years of age will be flagged as failing the policy. |
| Personal OneDrive |
| What does it do? Checks for active personal OneDrive account, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "OneDrive Usage" area. |
| How does it work? The agent checks in with the given endpoint's registry to determine which OneDrive accounts are "business" and which are "personal". It will flag each accordingly - commonly, you'll see the personal one come through as "Not Used" if the user hasn't gone through with setting it up on their PC. |
| Parameter use case? No parameter to set - automated to check with registry for personal OneDrive on the endpoint to prevent potential data leakage for a company. Will flag if account has a personal OneDrive setup, even if not in use. |
| Real-time Antivirus/Antivirus - Vendor |
| What does it do? Ensures a specified antivirus is installed, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "Protection" area. |
| How does it work? The agent pulls the name of the software applications on a given endpoint and lists them under Infrastructure > Endpoints, on the "Software" tab under the first "Name" column. This policy seeks to match the parameter with the name on that software list, using whatever is a close match.
Example: "sophos" would flag any instances of Sophos, Sophos Protection Plus, and Sophos Elite Defense X as passing the policy. For more strict version use, put a more direct parameter such as "Sophos Protection Plus". |
| Parameter use case? Flag the endpoint antivirus solution that is the gold standard for your company. If the agent doesn't find the AV solution specified in a given endpoint's software inventory, the policy will fail for that endpoint. |
| Recent OS Updates |
| What does it do? Ensures the latest protections from threats by checking the machine has updated OS releases, displayed under the "Overview" tab of a given endpoint under Infrastructure > Endpoints, under the "Protection" area. |
| How does it work? The OS version is listed in WMI, which the agent checks for this policy. If WMI detects a new critical update for Windows machines, the agent will cross-compare it to the current version. If it's older than the same version that's installed, the policy will fail and display a red date under "Last OS Update". |
| Parameter use case? Number of days since recent major OS patch. Default is 45 days. 0 indicates to use the default setting. |
| Screensaver Enabled |
| What does it do? Checks to see that workstations are secured with a screensaver for privacy, displayed under the "Users" tab of a given endpoint under Infrastructure > Endpoints, under the "User Access Accounts" area. |
|
How does it work? The agent looks at the Windows endpoint's registry to determine if the screensaver is enabled. Even if a nonstandard third-party screensaver is enabled but not triggering the registry to show as enabled, the policy will fail for a given endpoint. To trigger correctly, the screensaver needs to be active, have a timeout after a certain set of minutes, require a password upon unlock. The screen saver policy only works on local users, not those managed through Azure or group policy. It looks at whether the screen saver is enabled, has a timeout AND requires a password on restart. Currently, there is no way to detect anything other than local user settings. |
| Parameter use case? No parameter to set - automated to check the registry and report back whether the Windows system sees the screensaver enabled for that computer. |
| Slow Performance |
| What does it do? Check to see if a given endpoint is performing below 80% of the current average PassMark(R) score of a processor (system default set parameter is Intel i5-8350U). While not actively displayed in the endpoint configuration screen under a given endpoint in Infrastructure > Endpoints, it will measure the current detected CPU against the set parameter. |
|
How does it work? The agent reads the CPU from the given endpoint and runs it against the PassMark(R) score that's kept on CloudRadial's backend but pulls directly from PassMark(R) as they update it. If the reported CPU is lower than 80% of the set parameter's score, it will get flagged as slow performance. More details on the PassMark(R) scores can be found on their site, linked here, under the "CPU Mark" column: https://www.cpubenchmark.net/cpu_list.php |
|
Parameter use case? Flag the parameter to your CPU's gold standard score. For example, if you mainly deal with 8th-gen Intel i3 processors (Intel Core i3-8100 @ 3.60GHz), you can pull the PassMark (R) score from the link above (in this case, 6255) and input that as your parameter. Endpoints with CPU scores that meet and exceed that parameter are good to go - and even those that come within 80% of that score (in the example, 5004) will pass. Anything lower than 80% will be flagged as slow performance. |
| Software Installed |
| What does it do? Checks to make sure that the specified application is installed on the given endpoint machine. The individual machine software list can be found under Infrastructure > Endpoints, on the "Software" tab once you click on the endpoint. |
| How does it work? Simply checks to see if the specified application is installed on that endpoint by cross-referencing your parameter with the software inventory that the agent picks up. Will flag the endpoint if the software you selected isn't found on the machine. |
|
Parameter use case? Flag a critical piece of software that you need to see installed on all machines, like Microsoft Teams. This policy seeks to match the parameter with the name on that software list, using whatever is a close match. Ex: "NVIDIA" would flag any instances of NVIDIA, NVIDIA Backend, and NVIDIA GeForce Experience as passing the policy. If the software can't be found at all, the machine fails the policy. For more strict version use, put a more direct parameter such as "NVIDIA GeForce Experience". |
| Software Not Installed |
| What does it do? Checks to make sure that the specified application is not installed on the given endpoint machine. The individual machine software list can be found under Infrastructure > Endpoints, on the "Software" tab once you click on the endpoint. |
| How does it work? Simply checks to see if the specified application is not installed on that endpoint by cross-referencing your parameter with the software inventory that the agent picks up. Will flag the endpoint if the software you selected is found on the machine. |
| Parameter use case? Flag a critical piece of software that you don't want to see on all machines, like Spotify. This policy seeks to match the parameter with the name on that software list, using whatever is a close match.
Ex: "Spotify" would flag any instances of Spotify, Spotify Updater, and Spotify Add-on Tool as failing the policy. If the software can be found at all, the machine fails the policy. For more strict version use, put a more direct parameter such as "Spotify Updater". |
| Version Not Installed |
| What does it do? Checks the given endpoint for a particular software AND version based on parameter. Name and version are separated with a comma ','. The individual machine software list can be found under Infrastructure > Endpoints, on the "Software" tab once you click on the endpoint. |
| How does it work? The agent pulls the name of the software from the endpoint and lists it under the "Name" column of the given endpoint's software inventory. It also pulls the version history, found under the "Version" column, and lists it within the same area. |
| Parameter use case? Flag a certain software and version in one policy to ensure that that software and version isn't on the machine. Example: Google Chrome, 81.0. Useful for checking for outdated software and versions that should not on be the machine. |
System Memory |
| What does it do? Checks to make sure the endpoint has the recommended amount of memory. |
| How does it work? |
| Parameter use case? Flag a machine that does not meet the recommended amount of memory it should have to improve performance and user productivity. |
| Warranty Coverage |
| What does it do? Checks the given endpoint for warranty expiration information, displayed under the "Configuration" tab of a given endpoint under Infrastructure > Endpoints, under the "Details" area. |
|
How does it work? At the time of writing, CloudRadial supports native warranty reporting for Dell, Lenovo, and Windows computers. These manufacturers store their warranty credentials in such a way that the agent can make a call to check to see if they're covered under warranty. HP endpoints cannot have their warranty information queried due to their API being broken. NOTE: Endpoints that don't have a warranty field (meaning we couldn't find the warranty information) will automatically pass this policy, even if they're old and out of warranty. We don't flag it if we can't see it. |
| Parameter use case? No parameter to set - automated to check the warranty expiration date and flag the policy as failed if the date is past expiration. |
Windows Defender Antivirus Update |
| What does it do? Checks for a recent Windows Defender Antivirus update. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently had an update for Windows Defender AV; Known threats change, software should be kept up-to-date. |
Windows Defender Enabled |
| What does it do? Checks to make sure Windows Defender is enabled. |
| How does it work? |
| Parameter use case? Flag a machine that does not have Windows Defender enabled on the device; Windows Defender adds an important layer of security to your devices. |
Windows Defender Full Scan |
| What does it do? Checks for a recent Windows Defender full scan. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently had a full scan with Windows Defender; regular antivirus scans help protect systems from threats. |
Windows Defender Quick Scan |
| What does it do? Checks for a recent Windows Defender quick scan. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently had a quick scan with Windows Defender; regular antivirus scans help protect systems from threats. |
Windows Defender Spyware Update |
| What does it do? Checks for a recent Windows Defender Spyware update. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently been updated to the latest version of Windows Defender; Known threats change, software should be kept up-to-date. |
Servers (Technical)
| Name | Description | Type | Parameter |
|
Servers |
|||
| Antivirus - Installed | Provides an important layer of protection for servers. | ||
| Antivirus - Third Party | Adds an additional set of threat intelligence analysis. | ||
| Real-time Antivirus/ Antivirus - Vendor | Ensures approved antivirus is installed. | Text | Antivirus provider name contains text. Ex: webroot |
| Current OS Version | Checks server OS against valid list. Multiple versions are separated with a comma ','. | Text | Version contains text: Ex: server 2012,server 2016 |
| Encrypted Hard Drive | Prevents unauthorized access to data even if the hard drive is removed. | ||
| Free Space Available | Ensures adequate space is available on hard drives. | Num | Free space percentage. Ex: 10 |
| Managed by Intune | Checks to make sure server is under Intune management. | ||
| Old Technology | Looks for servers based on technology in excess of months specified. | Num | Number of months since processor release. Ex: 48 |
| Password Required | Checks for enabled user accounts not requiring a password. | ||
| Past Endpoint Lifecycle | Looks for servers based on original ship date past the preferred lifecycle. | Num | Number of months past ship date. Ex: 36 |
| Recent OS Updates | Ensures the latest protections from threats. | Num | Number of days since last OS update to start flagging alerts: Ex: 45 |
| Screensaver Enabled | Ensures that servers are secured with a screensaver for privacy. | ||
| Slow Performance | Looks for servers that perform below 80% of current average PassMark(R) score. (Xeon E3-1270 v6) | Num | Passmark score of an average workstation. Ex: 11115 |
| Software Installed | Ensures that the specified application is installed on all servers. | Text | Application name contains text. Ex: microsoft sql server |
| Software Not Installed | Checks servers to ensure specified application is not installed. | Text | Application name contains text. Ex: spotify |
| System Memory | Checks to make sure the server has the recommended amount of memory | ||
| Version Not Installed | Checks servers for a particular software and version based on parameter. Name and version are separated with a comma ','. | Text | Application name and version contains text: Ex: office 365 pro,16.0 |
| Warranty Coverage | If available, checks to see if server is under warranty coverage. Unknown is compliant. | ||
| Windows Defender AV update | Checks for a recent Windows Defender Antivirus update. | Num |
Number of days to trigger exception.
|
| Windows Defender Enabled | Checks to make sure Windows Defender is enabled. | ||
| Windows Defender Full Scan | Checks for a recent Windows Defender full scan. | Num |
Number of days to trigger exception. |
| Windows Defender Quick Scan | Checks for a recent Windows Defender quick scan. | Num |
Number of days to trigger exception. |
| Windows Defender Spyware Update | Checks for a recent Windows Defender Spyware update. | Num |
Number of days to trigger exception.
|
Servers (Practical)
| Antivirus - Third Party |
| What does it do? Seeks any antivirus solution besides Windows Defender, displayed under the "Overview" tab of a given server under Infrastructure > Endpoints, under the "Protection" area. |
|
How does it work? On servers, the Windows Security Center service we typically use to report back third-party AV is unavailable. So, the antivirus list is built from software that we've flagged as server antivirus software in a backend table on CloudRadial. NOTE: If your AV software doesn't flag under the "Protection" area but you can see it within the server's software list, please open a support ticket at support@cloudradial.com so that we can add that AV to our known list. |
| Parameter use case? No parameter to set - automated to find anything besides Windows Defender that matches our server antivirus list. Will flag if nothing is found except for Windows Defender (or nothing at all). |
| Antivirus Installed |
| What does it do? Checks for an antivirus solution to be installed on the server, even if it's just Windows Defender, displayed under the "Overview" tab of a given server under Infrastructure > Endpoints, under the "Protection" area. |
| How does it work? On servers, the Windows Security Center service we typically use to report back third-party AV is unavailable. So, the antivirus list is built from software that we've flagged as antivirus software in a backend table on CloudRadial.
NOTE: If your AV software doesn't flag under the "Protection" area but you can see it within the server's software list, please open a support ticket at support@cloudradial.com so that we can add that AV to our known list. |
| Parameter use case? No parameter to set - automated to find anything including Windows Defender that matches our server antivirus list. Will flag if nothing is found at all. |
| Current OS Version |
| What does it do? Checks the server operating system version against a list. Multiple versions can be searched for in one policy given that they're separated with a comma (,) |
| How does it work? The agent is able to natively grab the OS from the server's config to display the information under the "Overview" tab of Infrastructure > Servers (right under the server name at the top). |
| Parameter use case? Flag specific OS versions to keep server infrastructures up-to-date on the latest and most updated OS versions. Input the version(s) you want everyone to have - all other OS types will be flagged as a risk. Commonly, this should just be something like "server 2016, server 2019". |
| Encrypted Hard Drive |
| What does it do? Checks the drives connected to the server for encryption, displayed under the "Overview" tab of a given server under Infrastructure > Servers, under the "Storage" area. |
| How does it work? The agent pulls info from these drives and checks to see if it has Bitlocker Drive Encryption protection turned on. Even drives that are temporarily connected, such as unsecured USB drives, can cause this to fail. All drives must be encrypted for the server to pass the encryption test - with the only exception being recovery drive partitions. If an unencrypted drive is plugged in at time of policy scan, it will fail. A rescan may help pass the test once the drive has been removed. |
| Parameter use case? No parameter to set - automated to find Bitlocker Drive Encryption for each reachable drive on the server. |
| Free Space Available |
| What does it do? Checks the drives on the server for the remaining space available, displayed under the "Overview" tab of a given server under Infrastructure > Servers, under the "Storage" area. |
| How does it work? Reads the drives under "This PC" on the local machine and reports them back to CloudRadial. |
| Parameter use case? Flag the tolerable percentage of space remaining before the drives become at risk for data loss and drive failure. Example: If you want to allow drives to get 90% full before the policy fails for a given server, set the parameter to 10 (no percentage sign needed). |
| Managed by Intune |
| What does it do? Checks to make sure server is under Intune management. |
| How does it work? |
| Parameter use case? Flags a machine if it does not show that it is not under Microsoft Intune Management; Microsoft Intune management adds additional protections for endpoints. |
| Modern Disk Storage |
| What does it do? Checks the storage on the server to ensure it's using SSD storage displayed under the "Configuration" tab of a given server under Infrastructure > Servers, under the "Drives" area. |
| How does it work? Agent checks in with Windows Drive Optimizer and pulls back data reports into CloudRadial for which drives are mechanical spinning disk HDDs and software-based SSDs. To pass this policy, all storage drives must be SSDs. |
| Parameter use case? No parameter to set - automated to find SSDs through the Windows Drive Optimizer. Will only flag if there's an HDD reported. |
| Old Technology |
| What does it do? Looks for servers that have processors older than a customizable amount of months to determine "old technology". Displayed under the "Configuration" tab of a given server under Infrastructure > Servers, under the "Details" area. |
| How does it work? Agent checks the processor from Windows processes and reports it to a backend table on CloudRadial that's kept up-to-date with processors and their release dates which puts out an approximate age in the same details field. The policy is checked against that. |
| Parameter use case? Flag the maximum number of months a processor could be out before you deem it as "old technology". Out-of-the-box, CloudRadial's policy is set for 3 years (36 months). Any processor that is detected to have been released prior to 3 years ago will be flagged as failing the policy. |
| Past Endpoint Lifecycle |
| What does it do? Checks the server's ship date, displayed under the "Configuration" tab of a given endpoint under Infrastructure > Servers, under the "Details" area. |
| How does it work? At the time of writing, CloudRadial supports native ship date reporting for Dell and Lenovo servers. The first-time log in date information is stored in such a way that the agent can make a call to check to see how long it's been since they've shipped. |
| Parameter use case? Flag the maximum number of months a server can be shipped out before you deem it as "past the lifecycle". Out-of-the-box, CloudRadial's policy is set for 3 years (36 months). Any ship date that is exceeds 3 years of age will be flagged as failing the policy. |
| Password Required |
| What does it do? Checks for enabled user accounts on a given server that aren't actively requiring a password to login. |
| How does it work? Agent checks in with WMI running on local machines to see if it's flagging the password as turned on in a user-by-user basis. If WMI reads that a password is enabled, so will the CloudRadial agent. |
| Parameter use case? No parameter to set - automated to check with WMI for password required for accounts. Will flag if account is not set to use a password, according to WMI. |
| Real-time Antivirus/Antivirus - Vendor |
| What does it do? Ensures a specified antivirus is installed, displayed under the "Overview" tab of a given server under Infrastructure > Servers, under the "Protection" area. |
|
How does it work? The agent pulls the name of the software applications on a given server and lists them under Infrastructure > Servers, on the "Software" tab under the first "Name" column. This policy seeks to match the parameter with the name on that software list, using whatever is a close match. NOTE! On servers and Mac endpoints, the Security Center feature is unavailable and the antivirus list is built from software that we've flagged as antivirus software in the applications installed list. If your antivirus software does not show up, please open a support ticket so that we can add that software to our known antivirus list. Example: "sophos" would flag any instances of Sophos, Sophos Protection Plus, and Sophos Elite Defense X as passing the policy. For more strict version use, put a more direct parameter such as "Sophos Protection Plus". |
| Parameter use case? Flag the server antivirus solution that is the gold standard for your company. If the agent doesn't find the AV solution specified in a given server's software inventory, the policy will fail for that server. |
| Recent OS Updates |
| What does it do? Ensures the latest protections from threats by checking the server has updated OS releases, displayed under the "Overview" tab of a given server under Infrastructure > Servers, under the "Protection" area. |
| How does it work? The OS version is listed in WMI, which the agent checks for this policy. If WMI detects a new critical update for Windows servers, the agent will cross-compare it to the current version. If it's older than the same version that's installed, the policy will fail and display a red date under "Last OS Update". |
| Parameter use case? Number of days since recent major OS patch. Default is 45 days. 0 indicates to use the default setting. |
| Screensaver Enabled |
| What does it do? Checks to see that servers are secured with a screensaver for privacy, displayed under the "Users" tab of a given endpoint under Infrastructure > Endpoints, under the "User Access Accounts" area. |
|
How does it work? The agent looks at the Windows server's registry to determine if the screensaver is enabled. Even if a nonstandard third-party screensaver is enabled but not triggering the registry to show as enabled, the policy will fail for a given server. To trigger correctly, the screensaver needs to be active, have a timeout after a certain set of minutes, require a password upon unlock. |
| Parameter use case? No parameter to set - automated to check the registry and report back whether the Windows system sees the screensaver enabled for that server. |
| Slow Performance |
| What does it do? Check to see if a given server is performing below 80% of the current average PassMark(R) score of a processor (system default set parameter is Intel (Xeon E3-1270 v6). While not actively displayed in the server configuration screen under a given server in Infrastructure > Servers, it will measure the current detected CPU against the set parameter. |
|
How does it work? The agent reads the CPU from the given server and runs it against the PassMark(R) score that's kept on CloudRadial's backend but pulls directly from PassMark(R) as they update it. If the reported CPU is lower than 80% of the set parameter's score, it will get flagged as slow performance. More details on the PassMark(R) scores can be found on their site, linked here, under the "CPU Mark" column: https://www.cpubenchmark.net/cpu_list.php |
|
Parameter use case? Flag the parameter to your CPU's gold standard score. For example, if you mainly deal with Intel Xeon E5-2650L v4 @ 1.70GHz processors, you can pull the PassMark(R) score from the link above (in this case, 11,111) and input that as your parameter. Servers with CPU scores that meet and exceed that parameter are good to go - and even those that come within 80% of that score (in the example, 8888.8) will pass. Anything lower than 80% will be flagged as slow performance. |
| Software Installed |
| What does it do? Checks to make sure that the specified application is installed on the given server. The individual machine software list can be found under Infrastructure > Servers, on the "Software" tab once you click on the server. |
| How does it work? Simply checks to see if the specified application is installed on that server by cross-referencing your parameter with the software inventory that the agent picks up. Will flag the server if the software you selected isn't found on the machine |
|
Parameter use case? Flag a critical piece of software that you need to see installed on all machines, like Microsoft SQL Server. This policy seeks to match the parameter with the name on that software list, using whatever is a close match. Ex: "NVIDIA" would flag any instances of NVIDIA, NVIDIA Backend, and NVIDIA GeForce Experience as passing the policy. If the software can't be found at all, the machine fails the policy. For more strict version use, put a more direct parameter such as "NVIDIA GeForce Experience". |
Software Not Installed |
| What does it do? Checks to make sure that the specified application is not installed on the given server. The individual machine software list can be found under Infrastructure > Servers, on the "Software" tab once you click on the server. |
| How does it work? Simply checks to see if the specified application is not installed on that server by cross-referencing your parameter with the software inventory that the agent picks up. Will flag the server if the software you selected is found on the machine. |
|
Parameter use case? Flag a critical piece of software that you don't want to see on all machines, like Spotify. This policy seeks to match the parameter with the name on that software list, using whatever is a close match. Ex: "Spotify" would flag any instances of Spotify, Spotify Updater, and Spotify Add-on Tool as failing the policy. If the software can be found, the machine fails the policy. For more strict version use, put a more direct parameter such as "Spotify Updater". |
System Memory |
|
What does it do? Checks to make sure the endpoint has the recommended amount of memory. |
| How does it work? |
| Parameter use case? |
| Version Not Installed |
| What does it do? Checks the given server for a particular software AND version based on parameter. Name and version are separated with a comma ','. The individual server's software list can be found under Infrastructure > Servers, on the "Software" tab once you click on the server. |
| How does it work? The agent pulls the name of the software from the server and lists it under the "Name" column of the given server's software inventory. It also pulls the version history, found under the "Version" column, and lists it within the same area |
|
Parameter use case? Flag a certain software and version in one policy to ensure that that software and version isn't on the machine. Example: Google Chrome, 81.0. Useful for checking for outdated software and versions that should not on be the machine. |
| Warranty Coverage |
| What does it do? Checks the given server for warranty expiration information, displayed under the "Configuration" tab of a given server under Infrastructure > Servers, under the "Details" area. |
|
How does it work? At the time of writing, CloudRadial supports native warranty reporting for Dell, Lenovo, and Windows servers. These manufacturers store their warranty credentials in such a way that the agent can make a call to check to see if they're covered under warranty. HP servers cannot have their warranty information queried due to their API being broken. NOTE: Servers that don't have a warranty field (meaning we couldn't find the warranty information) will automatically pass this policy, even if they're old and out of warranty. We don't flag it if we can't see it. |
| Parameter use case? No parameter to set - automated to check the warranty expiration date and flag the policy as failed if the date is past expiration. |
| Windows Defender AV Update |
| What does it do? Checks the given server for a recent Windows Defender Antivirus update. |
| How does it work? |
|
Parameter use case? Flags any servers that do not have Windows Defender updated; Known threats change software should be kept up-to-date. |
Windows Defender Enabled |
| What does it do? Checks to make sure Windows Defender is enabled on a given Server. |
| How does it work? |
| Parameter use case? Flag a machine that does not have Windows Defender enabled on the device; Windows Defender adds an important layer of security to your devices. |
Windows Defender Full Scan |
| What does it do? Checks for a recent Windows Defender full scan on server. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently had a full scan with Windows Defender; regular antivirus scans help protect systems from threats. |
Windows Defender Quick Scan |
| What does it do? Checks for a recent Windows Defender quick scan. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently had a quick scan with Windows Defender; regular antivirus scans help protect systems from threats. |
Windows Defender Spyware Update |
| What does it do? Checks for a recent Windows Defender Spyware update. |
| How does it work? |
| Parameter use case? Flag a machine that has not recently been updated to the latest version of Windows Defender; Known threats change, software should be kept up-to-date. |
CloudRadial/Users (Technical)
| Name | Description | Type | Parameter |
| CloudRadial | |||
| Course Certification Expiration | Checks for users who are due to take or retake a course. | Num |
Number of days to trigger; exception for courses already taken but expiring. |
CloudRadial/Users (Practical)
| Strong Authentication |
| What does it do? Checks for users who are due to take or retake a course. |
|
How does it work? Checks to see if users have enrolled into required courses within CloudRadial. You can also find this information on the users homepage as well as under the Compliance > Training Location for admins. |
| Parameter use case? Number of days to trigger exception for courses already taken but expiring. Users that have a required course that they have not enrolled in will fail this policy. |
Office 365/Users (Technical)
| Name | Description | Type | Parameter |
| Office 365 | |||
| Strong Authentication | Checks Office 365 users to make sure strong authentication is enabled for users. |
Office 365/Users (Practical)
| Strong Authentication |
| What does it do? Checks to see if MFA is enabled for users loaded into CloudRadial. |
|
How does it work? Doesn't require agent deployment to display this information - all of it comes from turning MFA protection on for users within an Office 365 tenant. NOTE: Are you failing the policy but you're sure you have MFA enabled? Read this article on ensuring that CloudRadial can see the MFA status to report correctly: https://support.cloudradial.com/hc/en-us/articles/360037823912-Reporting-MFA-Information |
| Parameter use case? No parameter to set - automated to check MFA status that's updated regularly as users are added and removed. Users that don't have MFA enabled (according to CloudRadial) will fail the policy. |
Monitoring (Technical)
| Name | Description | Type | Parameter |
| Report Archive Errors | Checks for report archives that have their latest report in error. |
Monitoring (Practical)
| Report Archive Errors |
| What does it do? Checks for report archives that have their latest report in error. |
|
How does it work? Checks to see if the Report Archives in CloudRadial have had an error when receiving reports from outside systems and applications. |
| Parameter use case? Being alerted when reporting isn't working properly can help you mitigate any possible issues by being alerted right away. This can help you make sure all reports are accurate and up to date; Report alerts are indications of potential problems. |
Comments
0 comments
Article is closed for comments.