When editing a Host Integrity Policy in the Symantec Network Access Control (SNAC) product, what functionality is available for creating Custom Requirements?
The Host Integrity functionality in the Symantec Network Access Control (SNAC) product is used to verify the integrity of endpoint machines before assigning a policy or allowing entrance to the network. Built-in checks exist to verify the status of Antivirus, Antispyware, and Firewall software, and Patch and Service pack level - more complex checks can be created using the Custom Requirement option.
The following list of checks or conditions are available when creating a Custom Requirement script in the Host Integrity Policy editor.
- Antivirus: Antivirus is installed
- Antivirus: Antivirus is running
- Antivirus: Antivirus signature file is up-to-date
- Antispyware: Antispyware is installed
- Antispyware: Antispyware is running
- Antispyware: Antispyware signature file is up-to-date
- Firewall: Firewall is installed
- Firewall: Firewall is running
- Patch: Compare current service pack with specified version
- Patch: Patch is installed
- File: Compare file age to
- File: Compare file date to
- File: Compare file size to
- File: Compare file version to
- File: File download complete
- File: File Exists
- File: File fingerprint equals
- Registry: Registry key exists
- Registry: Registry value exists
- Registry: Registry value equals
- Registry: Set registry value successful
- Registry: Increment registry DWORD value successful
- Utility: Check Timestamp
- Utility: Message dialog return value equals true
- Utility: Operating system is
- Utility: Operating system language is
- Utility: Process is running
- Utility: Service is running
For the list of Antivirus, Antispyware and Firewall products that can be verified by the built-in rules, please see KB TECH162768.
In addition to the list of conditions available above, the following list of functions can also be added to a Custom Requirement script.
- File: Download a file
- Registry: Set registry value
- Registry: Increment registry DWORD value
- Utility: Log message
- Utility: Run a program
- Utility: Run a script
- Utility: Run Set Timestamp
- Utility: Show message dialog
- Utility: Wait
The Custom Requirement script editor also provides regular logic such as IF/THEN/ELSE and AND/OR to use when constructing your Host Integrity script, and right-clicking on a configured condition in the Host Integrity script editor gives a "Toggle NOT" option, to reverse the logic of the check.