You can edit the policy name, the basic definitions of a policy, including its description, and Enforcement Level, in the upper panel of the Edit Policy page.

For most Device and Advanced Settings, you can:

  • turn them on or off
  • place them in report-only state, in which they report what they would have done if they had been activated
  • choose a different (or no) notifier, which is the dialog box that is displayed when an action is blocked as a result of an active policy setting; this is covered in Endpoint Notifiers and Approval Requests

Certain settings have fewer choices or choices other than those on this list.

Note: Although you can deactivate policy settings, you cannot create or delete them. The setting name (e.g., Block unapproved scripts), which is standard for all policies, cannot be changed.

Edit a Policy

Use this procedure to edit a policy.

Procedure

  1. On the console menu, choose Rules > Policies. The Policies page appears.
  2. On the Policies page, click the View Details button next to the name of the policy you want to edit. The Edit Policy page appears:
    The Edit Policy page showing the Device Control Settings tab
  3. Edit any of the details in the main panel by checking or un-checking the appropriate box, entering text, choosing a different mode and/or choosing a different Enforcement Level. Visible parameters may vary depending upon other policy settings and configuration choices. See for detail on these settings.
    Note: If you change the Policy Name, that name will be reflected immediately in the console, but the name of the agent installer (the policyname.msi file) requires approximately one minute to update. Keep this in mind if you intend to download agents immediately after a policy name change.
  4. From the Edit Policy page, click the Device Control Settings tab to see the Device Control settings for this policy.
  5. In the Device Control Settings table, use the dropdown menu to select one of the following states for any setting you want to change: Off, Active, and Report Only (Active is not a choice for the Read settings). See Device Control Setting Behavior Device Control Setting Behavior for information about these settings.
    Note: Visibility and control features for devices are not available for Linux computers.
  6. From the Edit Policy page, click the Advanced tab to see the Advanced settings for this policy.
    The advanced policy settings
  7. In the Advanced Settings table, use the menu to select one of the following states for settings you want to change: Active (on), Report Only (on, but not enforced), or Off. See Advanced Setting Behavior Advanced Setting Behavior for more on these settings.
    Note: Some Advanced settings cannot be changed. Fixed settings show their value in a grayed-out menu box.
  8. To change the setting for Locally approve unapproved files on transition from Visibility or Low Enforcement Level to Medium or High, check or un-check the box.
  9. To customize the notifier shown by a Device or Advanced setting when it blocks actions on an agent computer, you can choose a different notifier from the Notifiers menu next to the setting, Edit the notifier (which affects all places in which this notifier is used), or Add and define a new notifier. See Customizing and Creating Notifiers for more information.
  10. When you have finished changing policy settings, click Save. Your changes are saved and the Policies table is re-displayed.

Related Views in Policy Details

The Edit Policy page has a Related Views menu with links that provide information about computers in this the policy and the files on those computers:

  • All files on computers in this policy opens a Find Files page with all instances of tracked files on the computers assigned to the policy.
  • Unapproved files on computers in this policy opens a Find Files page with all file instances with a Local State of Unapproved on the computers assigned to this policy. This helps show how the policy settings affect the files actually on these computers.You can add another filter to the results to show only files with Local State Details of Unapproved – these would be approved by an Enforcement Level change from Low to either Medium or High if the automatic approval box is checked for this policy.
  • Computers manually assigned to this policy opens a filtered view of the Computers page, showing computers that have been manually assigned to the policy (i.e., were not assigned by AD mapping).