In this article, you will learn everything you need to know about the settings you can configure for the HEIMDAL client-side products from the HEIMDAL Dashboard -> Endpoint Settings. To open the Endpoint Settings, log in to the HEIMDAL Dashboard, click the Endpoint Settings button (top-right corner), and select a Group Policy.
1. Endpoint Settings
2. General
3. DNS Security
4. Patch & Assets
5. Endpoint Detection
6. Privileged Access Management
ENDPOINT SETTINGS
In the Endpoint Settings, you have a section dedicated to macOS endpoints where you can create and manage Group Policies that are applied to the endpoints inside your organization. In the Linux GP tab, you can see all the Group Policies, edit their priorities according to your needs (by using drag & drop), enable/disable them, or duplicate them.
Reseller Master GP Distribution
Reseller Master GP Distribution is a feature that allows resellers to deploy a Reseller Group Policy to all the customers who have selected to opt-in to the Reseller Master GP. The Reseller Master GP Distribution feature can be activated only from the Reseller account and enables the Opt-in Reseller Master GP functionality on the reseller's customers. A reseller can create one or multiple Reseller GPs.
Opt-in Reseller Master GP allows the customer (or the reseller) to apply the Group Policy settings configured by the Reseller in the Reseller Master GP. This GP cannot be edited or disabled by an Enterprise customer, but its priority can be changed in the Group Policy list.
The Download button allows you to download an Excel file with all the Group Policies and the settings in each Group Policy.
GENERAL
In the General tab, you can configure Group Policy settings that refer to GP assigning, check intervals, thresholds, and other additional settings.
Policy Name - sets the name of the Group Policy.
Language - allows you to select the language of the HEIMDAL Agent to be enforced on the endpoints.
Priority - shows you the priority of the Group Policy in the Group Policy list. It can be set by using Drag and Drop in the GP list.
AD Computer Group - this option is used to bind an AD Global Security Group to the current GP. This way, the endpoint that is a member of the specified AD Global Security Group will apply this GP.
AD User Group - this option binds an AD Global Security Group to the current GP. This way, the endpoint that is a member of the specified AD Global Security Group will apply this GP.
External IPs - this option allows you to assign the Group Policy based on an External IP or multiple External IPs. Adding multiple IPs is done by separating them with a comma.
Policy check interval - sets the Group Policy check interval that is automatically performed by the HEIMDAL Agent to communicate with the HEIMDAL Dashboard and servers. The default time for the Policy check interval is 180 minutes.
Licensing check interval - sets the HEIMDAL license check interval that is automatically performed by the HEIMDAL Agent.
Proxy Settings
This feature is designed to allow the HEIMDAL Agent to communicate with the HEIMDAL Dashboard if the endpoint(s) is/are placed behind a Proxy Server. It allows you to specify the proxy settings by adding the needed information in the displayed fields.
Proxy Settings - the user needs to manually add the Proxy information for the Host, Port, Domain, Username, and Password.
Additional Settings
Include in Release Candidate Program - enforces the update of the HEIMDAL Agent to the latest HEIMDAL Release Candidate (Beta) version available on the HEIMDAL Servers.
DNS Security
DNS Security is structured into 2 modules: DarkLayer Guard and VectorN Detection. This Group Policy section is designed to manage the HEIMDAL DNS Security engine embedded in the HEIMDAL Agent.
DARKLAYER GUARD
By enabling the DarkLayer Guard engine, the HEIMDAL Agent will enable the network filter that will protect the computer from getting infected. The settings are described here.
VECTORN DETECTION
The VectorN Detection engine is a feature that searches for patterns within the blocks of HEIMDAL's DarkLayer Guard records, detecting malware in ways that no other endpoint protection can. It will identify patterns of malicious domain requests and filter these accordingly. The computers identified by VectorN as potentially infected are to be ultimately treated as threats by the system administrator, investigated, and scanned for threats either manually or automatically. The settings are described here.
PATCH & ASSETS
Patch & Assets is structured into 2 modules: 3rd Party Patch Management and OS Updates. This Group Policy section is designed to manage the HEIMDAL Patch & Assets components embedded in the HEIMDAL Agent.
3RD PARTY PATCH MANAGEMENT
The 3rd Party Patch Management module allows the user(s) to install or update a specific 3rd Party Application from the list of applications managed by HEIMDAL Security. The settings are described here.
OS UPDATES
Operating System Updates - turn ON/OFF the Operating System Updates product. The System Updates and Security Updates can be deployed by the module. Other updates can be deployed using the Infinity Management module. The settings are described here.
ENDPOINT DETECTION
Endpoint Detection currently includes the Next-Gen Antivirus. This Group Policy section is designed to manage the HEIMDAL Endpoint Detection components embedded in the HEIMDAL Agent.
NEXT-GEN ANTIVIRUS
The Next-Gen Antivirus will allow you or the users to perform scan operations on the endpoints in your environment to keep viruses and other threats away. The settings are described here.
The Ransomware Encryption Protection module detects processes that perform encryption operations on files on the endpoint with malicious intent. The module processes kernel events for IO reads, writes, directory enumeration, and file execution. The collected events are matched against patterns derived from studying the behavior of actual ransomware. The engine will allow 3 files to get encrypted before it gives the verdict that the process is suspicious. Once a process is flagged, details about it are gathered and sent to the Heimdal servers. The settings are described here.
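To make the event-pattern idea above concrete, the following is an added example, not HEIMDAL's code or detection logic. It assumes a simplified event tuple (pid, op, path, data), an entropy cut-off of 7.5 bits per byte, and a constructed event stream; only the threshold of 3 files comes from this page.

```python
import math
from collections import Counter, defaultdict

FILE_THRESHOLD = 3   # from the page: 3 files get encrypted before the verdict
ENTROPY_BITS = 7.5   # assumed cut-off (bits per byte) for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return {pid: [paths]} for each process that reaches FILE_THRESHOLD.

    events: (pid, op, path, data) tuples, op in {"enum", "read", "write", "exec"}.
    A file counts as encrypted when a process that enumerated a directory
    overwrites a file it previously read with high-entropy data.
    """
    enumerated, flagged = set(), {}
    read_files, encrypted = defaultdict(set), defaultdict(list)
    for pid, op, path, data in events:
        if pid in flagged:
            continue                      # verdict already given for this pid
        if op == "enum":
            enumerated.add(pid)
        elif op == "read":
            read_files[pid].add(path)
        elif (op == "write" and pid in enumerated
              and path in read_files[pid] and path not in encrypted[pid]
              and shannon_entropy(data) >= ENTROPY_BITS):
            encrypted[pid].append(path)
            if len(encrypted[pid]) >= FILE_THRESHOLD:
                flagged[pid] = list(encrypted[pid])
    return flagged

def sample_events():
    """Constructed event stream: pid 4321 rewrites files, 777 archives, 900 edits."""
    cipher = bytes(range(256)) * 16       # constructed high-entropy buffer (8.0 bits)
    text = b"quarterly report draft\n" * 100
    ev = [(4321, "exec", "/tmp/updater", b""), (4321, "enum", "/home/u/docs", b"")]
    for name in ("a.docx", "b.xlsx", "c.pdf", "d.txt"):
        p = "/home/u/docs/" + name
        ev += [(4321, "read", p, b""), (4321, "write", p, cipher)]
        ev += [(777, "enum", "/home/u/docs", b""), (777, "read", p, b""),
               (777, "write", "/backup/docs.tar.gz", cipher)]
    ev += [(900, "read", "/home/u/notes.txt", b""), (900, "write", "/home/u/notes.txt", text)]
    return ev

if __name__ == "__main__":
    print(detect(sample_events()))
```

The backup-style process (pid 777) writes high-entropy data but never overwrites the files it read, and the editor (pid 900) overwrites a file with plain text, so neither reaches the threshold.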
PRIVILEGES & APP CONTROL
Privileges & App Control allows you to control user permissions in your organization and enables you to manage elevations and special permissions to applications that are used on each endpoint.
PRIVILEGED ACCESS MANAGEMENT
The Privileged Access Management module will allow you to give users the ability to install software they need for a period of time you select, using the Administrator Session or the Run with Privileged Access Management option for single file elevation. Rights granted can be revoked at any time, and actions are logged for a full audit trail. This is the feature that allows an end-user to request admin privileges over their machine by sending a request to the Heimdal Dashboard System Administrator, who can deny or accept the request. The settings are described here.