Configuring Host Checker Third-Party Applications Using Predefined Rules; Procedure); Configuring Host Checker Third-Party Applications Using Predefined Rules (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual

Configuring Secure Access Devices Guide
Related
Documentation
Configuring Host Checker Third-Party Applications Using Predefined Rules (NSM

Procedure)

234
Table 64: Configuring General Host Checker Remediation
Details (continued)
Option Function
Kill Specifies the name of one or more
Processes processes you want to kill if the user's
computer does not meet the policy
requirements. You can include an optional
MD5 checksum for the process.
Delete Files Specifies the names of files you want to
delete if the user's computer does not meet
the policy requirements. Enter one filename
per line.
Send Displays a message to users (called a
reason reason string) that is returned by Host
strings Checker or integrity measurement verifier
(IMV) and explains why the client machine
does not meet the Host Checker policy
requirements.
NOTE: This option applies to predefined
rules, custom rules, and to third-party IMVs
that use extensions in the Juniper Networks
TNC SDK.
Configuring Host Checker Third-Party Applications Using Predefined Rules (NSM
Procedure) on page 234
Configuring the Remote Integrity Measurement Verifier Server (NSM Procedure) on
page 240
Setting Up Secure Access Device Host Checker Options (NSM Procedure) on page 231
Host Checker comes pre-equipped with a vast array of predefined rules that check for
antivirus software, firewalls, malware, spyware, and specific operating systems from a
wide variety of industry leaders. You can enable one or more of these rules within a Host
Checker client-side policy to ensure that the integrated third-party applications that you
specify are running on your users' computers in accordance with your specifications. For
firewall and antivirus rules, you can specify remediation actions to automatically bring
the endpoint into compliance.
To configure third-party applications using predefined rules:
In the navigation tree, select Device Manager > Devices.
1.
Click the Device Tree tab, and then double-click the Secure Access device for which
2.
you want to configure Host Checker third-party applications using predefined rules.
Your Action
Select the Kill Processes option to
enable this feature, and then enter
the name. For example, enter
keylogger.exe
Select the Delete Files option to
enable this feature, and then enter
the filename. For example, enter
c:\temp\bad-file.txt
/temp/bad-file.txt.
Select the Send reason strings
option to enable this feature.
Copyright © 2010, Juniper Networks, Inc.