For the endpoint security policy, the rule I selected was Predefined: Antivirus – here I selected the products which we support (Require specific products/vendors option) and selected the option to check the AV definitions weren’t older than x days. The remediation options allow the Host Checker to automatically try to ‘fix’ the issues so that the user can be allowed access. For example, if the definitions are too old, the Host Checker will try to download the latest definitions.
To check a machine is on the domain, I simply followed the instructions in (
You may need to make multiple rules if you have different OSes and multiple architecture types (32-bit vs 64-bit).
After you have configured the policies and rules you want, you must decide whether to apply these Host Checker policies at the User Realm level or the User Role level.
If you select a realm, click the Authentication –> Host Checker tab. If you select a role, click the General –> Restrictions –> Host Checker tab.
At the realm level you get the option to either evaluate or enforce. Evaluate runs the Host Checker on the machine and logs the results, but it won’t stop the user from accessing the network/resources if they don’t meet the policy. Enforce, as the name suggests, enforces the policy: if the user doesn’t meet the requirements, they will not be permitted access.
Hopefully that has helped somewhat and I look forward to posting similar articles in the near future!