When editing a Host Integrity Policy in the Symantec Network Access Control (SNAC) product, what functionality is available for creating Custom Requirements?
The Host Integrity functionality in the Symantec Network Access Control (SNAC) product is used to verify the integrity of endpoint machines before assigning a policy or allowing entrance to the network. Built-in checks exist to verify the status of Antivirus, Antispyware, and Firewall software, and Patch and Service pack level - more complex checks can be created using the Custom Requirement option.
The following list of checks or conditions are available when creating a Custom Requirement script in the Host Integrity Policy editor.
Antivirus: Antivirus is installed
Antivirus: Antivirus is running
Antivirus: Antivirus signature file is up-to-date
Antispyware: Antispyware is installed
Antispyware: Antispyware is running
Antispyware: Antispyware signature file is up-to-date
Firewall: Firewall is installed
Firewall: Firewall is running
Patch: Compare current service pack with specified version
Patch: Patch is installed
File: Compare file age to
File: Compare file date to
File: Compare file size to
File: Compare file version to
File: File download complete
File: File Exists
File: File fingerprint equals
Registry: Registry key exists
Registry: Registry value exists
Registry: Registry value equals
Registry: Set registry value successful
Registry: Increment registry DWORD value successful
Utility: Check Timestamp
Utility: Message dialog return value equals true
Utility: Operating system is
Utility: Operating system language is
Utility: Process is running
Utility: Service is running
For the list of Antivirus, Antispyware and Firewall products that can be verified by the built-in rules, please see KB TECH162768.
In addition to the list of conditions available above, the following list of functions can also be added to a Custom Requirement script.
File: Download a file
Registry: Set registry value
Registry: Increment registry DWORD value
Utility: Log message
Utility: Run a program
Utility: Run a script
Utility: Run Set Timestamp
Utility: Show message dialog
The Custom Requirement script editor also provides regular logic such as IF/THEN/ELSE and AND/OR to use when constructing your Host Integrity script, and right-clicking on a configured condition in the Host Integrity script editor gives a "Toggle NOT" option, to reverse the logic of the check.
Imported Document ID: TECH169921
Subscribing will provide email updates when this Article is updated. Login is required.