Create or edit a remediation policy

In this topic, you will learn how to create and assign a remediation policy in Portnox™ Cloud.

To understand what are policies in Portnox Cloud, what types of policies are available, and how they work together with accounts and groups, read the following topic: What are policies in Portnox Cloud?.

Important: Remediation policies require Portnox AgentP. You need to install AgentP on each device that is to have remediation actions taken. For devices without AgentP, no remediation actions can be taken.

Remediation policies are automatic actions that Portnox AgentP performs on the device before granting it access to the network. Actions that AgentP performs are based on conditions that you define in the remediation policy in Portnox Cloud.

  1. In the Cloud portal top menu, click on the Policies option.

  2. In the Cloud portal left-hand menu, click on the REMEDIATION POLICIES tile.

  3. In the right-hand side pane, click on the Create a new Policy link to create a new policy.
    Note: You can also click on the Edit link on the right-hand side of the selected line that represents an existing policy. The creation and editing processes are almost the same.
  4. In the Policy Name field, enter the name for the new policy and in the Policy Description field, enter an optional description.

  5. In the AGENTP section on the left-hand side, select the operating system to configure the actions for this operating system.

    Each policy contains rules for all operating systems. If you do not configure a specific operating system, Portnox Cloud will use default settings for that operating system.

    For detailed description of all available actions, see the section Remediation policy actions below.

  6. In the right-hand side pane, configure the actions for the selected operating system.
  7. Repeat the above steps for other operating systems.
  8. To save your policy settings, click on the Save button on the bottom right of the page.

Result: You created or edited a remediation policy. You can now assign this policy to groups.

To assign policies to groups, see the following topic: Assign policies to a group.

Remediation policy actions

In this section, you will learn to configure all remediation policy actions for different operating systems.

Note: Actions are listed alphabetically. Some actions are available for multiple operating systems.

Antivirus Live Update

If the installed Portnox Cloud-supported antivirus application is not up to date, Portnox Cloud will perform a live update.

Operating systems: Windows

Parameters:

  • Immediate

    If selected, this action will be performed immediately after Portnox Cloud detects that installed antivirus is not up to date.

  • Recurring schedule
    • Daily: The action will be performed every day on selected Days of the week at selected Time (in the local time zone of the device).
    • Interval: The action will be performed after the set interval, from the time that you click on the Save button, and then will be performed again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.

Antivirus Start

If Portnox Cloud detects that the installed Portnox Cloud-supported antivirus application is disabled, it will immediately enable it.

Operating systems: Windows

Application Removal

If the specified applications are installed, Portnox Cloud will remove them.

Operating systems: Windows

Parameters:

  • Immediate

    If selected, this action will be performed immediately after Portnox Cloud detects that one of the specified applications is installed.

  • Recurring schedule
    • Daily: The action will be performed every day on selected Days of the week at selected Time (in the local time zone of the device).
    • Interval: The action will be performed after the set interval, from the time that you click on the Save button, and then will be performed again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.
  • Add application

    Click on this link to add a name of an application to the list, and then click on the Save button. Repeat for other applications if necessary.

    Important: To learn how to find application names, see the following topic: How to find application names for risk assessment policies?

Bridging Disable

If Portnox Cloud detects that bridging is enabled on the device, it will immediately disable it.

Operating systems: Windows

Firewall Start

If Portnox Cloud detects that the default/built-in firewall is disabled, it will immediately enable it.

Operating systems: Windows, macOS

Internet sharing Disable

If Portnox Cloud detects that Internet sharing is enabled on the device, it will immediately disable it.

Operating systems: Windows, macOS

Login Script

Portnox Cloud will execute the specified custom script upon user login.

Operating systems: Windows, macOS

Parameters:

  • If the device is enrolled using a user account, execute the script from the user’s system account.
    • Checkbox activated: If the device is enrolled using a user account, the script will be executed from this user’s account in the operating system. If the device is enrolled using a device account, the script will be executed from a system account.
    • Checkbox deactivated: The script will always be executed from a system account.
  • 64-bit path

    If you want to run a 64-bit executable or script, enter the full operating system path to this executable or script.

  • 32-bit path

    If you want to run a 32-bit executable or script, enter the full operating system path to this executable or script.

  • arguments

    Enter the arguments that will be added to the 64-bit path and the 32-bit path if they are defined. If one of the paths is not defined, arguments will not be added to it.

Note: If you enter both the 64-bit path and the 32-bit path, both scripts will be executed with the same arguments.

Periodic Script

Portnox Cloud will execute the specified custom script periodically.

Operating systems: Windows, macOS

Parameters:

  • Daily

    The script will be run every day on selected Days of the week at selected Time (in the local time zone of the device).

  • Interval

    The script will be run after the set interval, from the time that you click on the Save button, and then will be run again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.

  • If the device is enrolled using a user account, execute the script from the user’s system account.
    • Checkbox activated: If the device is enrolled using a user account, the script will be executed from this user’s account in the operating system. If the device is enrolled using a device account, the script will be executed from a system account.
    • Checkbox deactivated: The script will always be executed from a system account.
  • 64-bit path

    If you want to run a 64-bit executable or script, enter the full operating system path to this executable or script.

  • 32-bit path

    If you want to run a 32-bit executable or script, enter the full operating system path to this executable or script.

  • arguments

    Enter the arguments that will be added to the 64-bit path and the 32-bit path if they are defined. If one of the paths is not defined, arguments will not be added to it.

Process Terminate

If Portnox Cloud detects that specified processes are running on the device, it will immediately terminate them.

Operating systems: Windows, macOS

Parameters:

Add process

Click on this link to add a name of a process to the list, and then click on the Save button. Repeat for other processes if necessary.

Important: To learn how to find application names, see the following topic: How to find application names for risk assessment policies?
Note: To find process names on Windows, use the tasklist command in a Command Prompt window. To find process names on macOS, use the ps ax command in a Terminal window.

Registry keys

If Portnox Cloud detects that specified required registry keys are missing in the operating systems, it will add them. If Portnox Cloud detects that specified forbidden registry keys are present in the operating systems, it will delete them.

Operating systems: Windows

Parameters:

  • Add new registry key:
    1. In the Mode field, select:
      • Preserve: This is a required key. If it is missing, it will be added.
      • Delete: This is a forbidden key. If it is found, it will be deleted.
    2. In the Root field, select the registry key root.
    3. In the Key, Value name, and Value fields, enter relevant key and value information for the required registry key.
    4. In the Value type field, select the value type: Int, String, or Bytes.
    5. Click on the Confirm button to add the key.
    6. Repeat the above steps for other keys if necessary.
  • Daily

    Registry keys will be examined every day on selected Days of the week at selected Time (in the local time zone of the device).

  • Interval

    Registry keys will be examined after the set interval, from the time that you click on the Save button, and then will be run again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.

Service/Daemon Restart

If Portnox Cloud detects that specified services/daemons are not running on the device, it will restart them.

Operating systems: Windows

Parameters:

  • Immediate

    If selected, this action will be performed immediately after Portnox Cloud detects that specified services/daemons are not running on the device.

  • Recurring schedule
    • Daily: The action will be performed every day on selected Days of the week at selected Time (in the local time zone of the device).
    • Interval: The action will be performed after the set interval, from the time that you click on the Save button, and then will be performed again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.
  • Add service

    Click on this link to add a name of a service to the list, and then click on the Save button. Repeat for other services if necessary.

    Important: To learn how to find service names, see the following topic: How to find service names for risk assessment policies?

Service/Daemon Start

If Portnox Cloud detects that specified services/daemons are not running on the device, it will start them.

Operating systems: Windows

Parameters:

  • Immediate

    If selected, this action will be performed immediately after Portnox Cloud detects that specified services/daemons are not running on the device.

  • Recurring schedule
    • Daily: The action will be performed every day on selected Days of the week at selected Time (in the local time zone of the device).
    • Interval: The action will be performed after the set interval, from the time that you click on the Save button, and then will be performed again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.
  • Add service

    Click on this link to add a name of a service to the list, and then click on the Save button. Repeat for other services if necessary.

    Important: To learn how to find service names, see the following topic: How to find service names for risk assessment policies?

Service/Daemon Stop

If Portnox Cloud detects that specified services/daemons are running on the device, it will stop them.

Operating systems: Windows

Parameters:

  • Immediate

    If selected, this action will be performed immediately after Portnox Cloud detects that specified services/daemons are running on the device.

  • Recurring schedule
    • Daily: The action will be performed every day on selected Days of the week at selected Time (in the local time zone of the device).
    • Interval: The action will be performed after the set interval, from the time that you click on the Save button, and then will be performed again repeatedly at the set interval of Days, Hours, and Minutes, continuing indefinitely.
  • Add service

    Click on this link to add a name of a service to the list, and then click on the Save button. Repeat for other services if necessary.

    Important: To learn how to find service names, see the following topic: How to find service names for risk assessment policies?

USB peripheral Disconnect

If Portnox Cloud detects that specified USB peripherals are connected to the device, it will immediately disconnect them.

Operating systems: Windows, macOS

Parameters:

Select

Select types from the list to add them to the list of forbidden peripheral devices.

Note: The list includes types of peripheral devices such as printers, scanners, cameras, card readers, and more.