Boazegevski
New Contributor

Using Customized Actions on Endpoint Compliance

I'm using Endpoint Compliance Policies on my FNAC-F. For now, I'm just seeing if the hosts have the FNAC Persistent Agent installed and if they're on the Active Directory domain.

But now I also want to validate if the antivirus is installed, so my idea is to set up one policy above the oldest one, with the same parameters and an antivirus scan. I also want to change the old policy so that, instead of marking the host as "Safe", it marks it as "At Risk", just so I can have an inventory of hosts with and without antivirus.

So, my doubt is: how exactly can I do this? The only way that I saw is using Endpoint Compliance > Actions > Add and creating a security action to mark the host as At Risk once it matches a policy, but to be honest, I don't know how it works. I didn't find any documentation about setting up actions on Endpoint Compliance.

Do Endpoint Compliance Policies have a default action to set the host as Safe? If I create a new policy, will it override the default? And is marking hosts as At Risk just a parameter, or does it have an impact on the host's access? (Keep in mind that I'll create one Network Access policy to allow access for these hosts until I stabilize this.)


ebilcari
Staff

You don't have to use custom Actions. You will just need a Policy to point to a Configuration and a Scan. Based on the scan results, the host status will change to At-risk (+ sign) or normal. If the host is at risk and Remediation is enforced, the host will get isolated; there is no need for a network access policy (stage 5). If the host is in the normal state, the Network Access policy will be evaluated.


- Emirjon