Policies Overview
Policies are a collection of rules or settings that make sure a product's features are configured correctly on your managed systems.
ePO policy management features or functions include:
Permission Sets
To view, or to view and edit policies, you must have the appropriate permissions. Administrators always have permission to view and change policy settings, but other ePO users may need permissions through their respective permission set.
As you add new extensions to the ePO server by installing new point-products, you have new permission sets that control the access to the policies for those products. By default, the extensions install with no permissions for users other than the Administrator.
Assignment and Inheritance
It is likely that most systems within any environment will require an identical or very similar configuration. A small minority of systems may require radically different settings from the majority.
The purpose of policy objects and inheritance is to allow the described scenario (or any given scenario) to be implemented with the minimal effort possible.
Policy assignment is the allocation of a specific named policy object at a specific node within the ePO System Tree to achieve this.
Policy inheritance is the concept of a higher-level policy assignment being applied to a lower-level node.
Creating and configuring a policy object assigned at the System Tree level gives all systems identical settings. For any systems that do not require these settings, create, configure, and assign a different policy object with the new values. Inheritance will ensure that these new values are enforced from the chosen level down, until another policy is assigned.
ePO provides two policy objects (one is named Trellix Default and the other is My Default) for each product or product configuration category.
User Interface
To access the Policy Catalog entries, click Menu > Policy > Policy Catalog or select Policy Catalog from the top Menu bar in the ePO console.
The Policy Catalog has been divided into three sections:
Products
Policy Category
Policy Details
Click the information (i) icon in each section in the figure below to see additional details.
Policy Approval Management
As an administrator, you can choose whether policy and task management users need approval to make policy or task changes. Permission Sets allow some policy users not only to create and modify policies, but also to approve or reject policies created by other users. To manage policy creation, you can create permission sets for users who can create and modify specific product policies. For example, you can create a permission set that allows one user to change policies and another that allows a second user to approve or reject those changes.
To configure the Server Settings to allow users to submit policies for approval:
Open Menu > Configuration > Server Settings.
Click Approvals on the Setting Categories pane.
Click Edit.
Select Users need approval for policy changes if policy users need to seek approval to make changes.
Select Administrators and Approvers need approval for policy changes if the administrators and approvers also need to seek approval to make changes.
Policy Catalog
You use the Product menu to view the available policies for a specific product. Policies are further filtered by Policy Category. The categories vary for each product.
Example: Trellix Agent policies are organized by these categories:
General
Repository
Troubleshooting
Custom Properties
Product Improvement Program
Policy Category
The figure below highlights some key controls for a selected product's available product categories.
Search: Provides the ability to search policy categories by a search string.
New policy: Launches the Create a New Policy dialog box, where you can create a new policy for the selected product and category.
Import: Imports previously exported policies to the selected product.
Export: Downloads or displays the policies of the selected product in .xml format.
Policy Categories:
Name: Lists the names of existing policies. To open a policy, click the link for its name.
Rule Assignments: Shows the number of rule assignments for the policy.
Assigned To: Shows the number of assignments for the policy. Assigned policies are linked to a corresponding Policy Assignment page.
Actions: Provides links to the actions available for a selected policy. Some policies are read-only and can only be duplicated.
View: Opens a viewable version of the policy details page for the selected product.
Edit: Opens an editable version of the policy details page for the selected product.
Policy Details
The figure below highlights some key controls for the policy details of a selected product category.
Policy Actions:
Duplicate: Makes a copy of the policy to edit.
Delete: Deletes the policy.
Export: Downloads the policy in .xml format.
Share: Designates the policy to be shared with another ePO server.
Policy Information:
Policy Name: Shows the policy name for the selected policy category.
Notes: Allows adding notes to the policy.
Owner: Shows the policy owner (click the link to manage ownership).
Assignments:
Affected Systems: Lists the names of existing policies (click a link to open one).
Assigned To: Shows the group or system the policy is assigned to.
Rule Assignments: Shows the number of rule assignments for the policy.
History:
View Full Policy History: Opens the Policy History page directly for the selected product and product category.
The Policy Catalog includes two types of default policies for managed products: read-only and editable.
You cannot rename, edit, or delete read-only policies. However, you can duplicate and then customize them, as required.
You can change, rename, duplicate, delete, and export custom policies. This includes custom policies that you create by duplicating an existing policy or by clicking the New Policy button.
When you open an existing policy or create a new policy, the policy settings are organized by tabs, which you click to view and define the settings on that tab. The blue checkmarks indicate enabled policy options.
Policy Management
Duplicating a Policy
When you duplicate a policy, you create an exact copy but with a different name. After duplicating the policy, open and edit it as required.
Adding a Policy
Like a duplicated policy, a new policy is based on an existing policy and can be created by clicking the New Policy button. Again, after creating the policy, open and edit it as required.
Editing a Policy
You can edit policies in two locations: Policy Catalog and System Tree.
Some policies are read-only and cannot be edited. The Actions column indicates if the policy you are viewing is read-only.
Changing Policy Ownership
No one can modify or delete a policy except the policy’s owner or an Administrator. Any user with appropriate permissions can assign any policy in the Policy Catalog page, but only the owner or a global administrator can edit the policy.
All policies, for products and features to which you have permissions, are available from the Policy Catalog page. To prevent any user from editing other users’ policies, each policy is assigned an owner: the user who created it.
Guidelines for policy ownership:
Only Owner and Administrator can change ownership
Only users with appropriate permissions can be assigned ownership
You can specify multiple non-administrative users as owners of a single policy
Exporting and Importing Policies
You can use the Export and Import tasks to move policies between servers. To do this, you must export the policy to an XML file, from the Policy Catalog page of the source server, then import it to the Policy Catalog page on the target server.
You can export and import all policies for a product or a single policy.
Exporting all Product Policies
To export all product policies, select the product under the Products column, select Export in the New Policy drop-down, right click the Download file link and select Save link as...
You can then use this file to import to another ePO server.
Importing Policies
To import policies, select the product under the Products column, select Import in the New Policy drop-down, click the Choose File entry and double-click the policy XML file you want to import.
Exporting a Single Policy
To export a single policy, select the Product under the Products column, select the policy, click Export under the Edit drop-down in Policy Details, right click the Download file link and select Save link as...
You can use this file to import to another ePO server or to keep as a backup of the policy.
Renaming or Deleting a Policy
After selecting (highlighting) the policy (ABC Company above), do one of the following:
RENAME:
Click the policy name field and enter in a new name
Click Save Name.
DELETE:
Expand the Edit drop-down under Policy Details and select Delete.
Confirm you want to delete the policy entry and click OK.
When you delete a policy, all groups and systems inherit the policy of their parent group, where applied.
Before deleting a policy, review the groups and systems where it is assigned. If you don’t want the group or system to inherit the policy from the parent group, assign a different policy.
If you delete a policy that is applied to the My Organization group, the McAfee Default policy of this category is assigned.
Policy Assignment Management
Assigning a Policy is the allocation of a specific named policy at a specific node within the ePO System Tree. A policy may be assigned to any node within the ePO System Tree, from the System Tree object itself, to a group or an individual system.
Assigning Policy to the Subgroup
Use this task to assign a policy to a specific group of the System Tree. You can assign policies before or after a product is deployed.
To break inheritance from the parent group, click the radio button by Break inheritance.
From the Assigned policy drop-down list, select the policy you want to assign to this subgroup.
Choose whether to lock policy inheritance. This prevents any systems that inherit this policy from having another one assigned in its place.
Click Save.
Assigning Policy to a Single System
Use this task to assign a policy to a single system. You can assign policies before or after a product is deployed.
If the policy is inherited, select Break inheritance and assign the policy and settings below, next to Inherit from.
Select the desired policy from the Assigned policy drop-down list, then click the Save button.
Note: From this location, you can also edit the settings of the selected policy or create a new policy.
Assigning Policy to Multiple Managed Systems
From the System Tree > Systems tab, in the left pane, select the group.
In the right pane, mark the checkbox by each system.
Click Actions > Agent > Set Policy & Inheritance. The Assign Policy page displays.
Complete the Assign Policy page and click Save.
Copying and Pasting Assignments
Use these tasks to copy and paste policy assignments from one group or system to another. This is an easy way to share multiple assignments between groups and systems from different areas of the System Tree.
On the System Tree > Assigned Policies tab, select the desired group, then click Actions > Paste Assignments.
Note: If the group already has policies assigned for some categories, the Override Policy Assignments page displays. If this page appears, select the policy category to paste and click OK.
Exporting and Importing Policy Assignments
Export All Assignments: Exports all displayed assignments to an XML file
Export Group Policies: Exports policies assigned to a specific group
Export Table: Displays the Export page, allowing you to choose the way the table is exported
Import Assignments: Imports previously exported policy assignments
Locking Policy Assignment
Policy enforcement locking prevents other users from changing policy assignment settings: in the group where locking took place and in any subgroups.
Can be locked at any group within the System Tree
Does not prevent a policy from being modified
Prevents breaking inheritance below the point of assignment
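The inheritance behaviour described in this section, together with the earlier notes on deleting an assigned policy (groups fall back to their parent's policy, My Organization falls back to the category default), as an added model rather than ePO's own code. The tree shape, node names and policy names are constructed for the example:

```python
# Added illustration (not Trellix/ePO code): a policy assigned at a System
# Tree node is inherited downward until another assignment is found; locking
# inheritance at a node blocks new assignments below it; deleting a policy
# makes the nodes that used it inherit from their parent again.
# Node and policy names are constructed for the example.

DEFAULT_POLICY = "Trellix Default"   # category default used at the root


class SystemTree:
    def __init__(self):
        self.parent = {"My Organization": None}   # root has no parent
        self.assigned = {}      # node -> explicitly assigned policy
        self.locked = set()     # nodes where policy inheritance is locked

    def add(self, node, parent):
        self.parent[node] = parent

    def _ancestors(self, node):
        # Yield parent, grandparent, ... up to the root.
        p = self.parent[node]
        while p is not None:
            yield p
            p = self.parent[p]

    def can_assign(self, node):
        # A lock at any ancestor prevents breaking inheritance here.
        return not any(a in self.locked for a in self._ancestors(node))

    def assign(self, node, policy, lock=False):
        if not self.can_assign(node):
            raise PermissionError(f"inheritance is locked above {node!r}")
        self.assigned[node] = policy
        if lock:
            self.locked.add(node)

    def reset_inheritance(self, node):
        # Drop the node's own assignment so it inherits from its parent.
        self.assigned.pop(node, None)
        self.locked.discard(node)

    def delete_policy(self, policy):
        # Every node that used the deleted policy now inherits instead.
        for node in [n for n, p in self.assigned.items() if p == policy]:
            self.reset_inheritance(node)

    def effective(self, node):
        # Walk upward to the nearest explicit assignment; the root falls
        # back to the category default when nothing is assigned.
        while node is not None:
            if node in self.assigned:
                return self.assigned[node]
            node = self.parent[node]
        return DEFAULT_POLICY


def build_example():
    t = SystemTree()
    t.add("Workstations", "My Organization")
    t.add("Finance", "Workstations")
    t.add("FIN-PC-01", "Finance")
    t.assign("My Organization", "Corporate Baseline")
    t.assign("Finance", "Finance Hardened", lock=True)
    return t
```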
Policy Assignment Approval
With the Policy Assignment Approval feature, when a user or administrator tries to assign a policy to systems or groups, an administrator or a user with the appropriate permissions can verify and approve the change before it is assigned and pushed to those systems or groups.
Policy Assignment Rules
Policy assignment rules reduce the overhead of managing numerous policies for individual users or systems that meet specific criteria, while maintaining more generic policies across your System Tree. This level of granularity in policy assignment limits the instances of broken inheritance in the System Tree needed to accommodate the policy settings that specific users or systems require.
Policy assignments are based on user-specific or system-specific criteria.
System-based rules:
Assigned to managed systems
Assigned priority, which can be changed
Cannot include user-based criteria
User-based rules:
Assigned to groups, organizational units, or user names
Can include system-based criteria
Enforced when users log into the network
Creating Policy Assignment Rules
Click the New Assignment Rule button at the top of the page to launch the Policy Assignment Builder. Your first step is to enter rule details (Name and Description), then click Next.
Note: By default, the priority for new policy assignment rules is assigned sequentially based on the number of existing rules. You can edit the priority of this and any rule by clicking Edit Priority on the Policy Assignment Rules page.
From the Assigned Policies page, click Add Policy and select the policies to be applied. Click the plus sign (+) to add another policy. Click the minus sign (-) to remove a policy. Click Next to continue.
From the Selection Criteria page, choose the criteria for this assignment (Comparison and Value).
Apply any additional Available Properties from the left pane, then click Next.
From the Summary page, review the rule configuration. Click Back to make changes to prior screens. When satisfied with the configuration, click the Save button in the bottom right corner of the page.
Policy Assignment Rules Priority
Policy assignment rules can be prioritized to simplify maintenance of policy assignment management. When you set priority to a rule, it is enforced before other assignments that have a lower priority.
By default, the priority for new policy assignment rules is assigned sequentially, based on the number of existing rules.
You can edit the priority of this, or any, rule by clicking Edit Priority on the Policy Assignment Rules page.
In some cases, the outcome can be that some rule settings are overridden; for example, consider a user or system that is included in two policy assignment rules, Rules A and B. Rule A has priority level 1 and allows included users unrestricted access to internet content. Rule B has priority level 2 and heavily restricts the same user's access to internet content. In this scenario, Rule A is enforced because it has higher priority. As a result, the user has unrestricted access to internet content.
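The rule types and priority behaviour described in this section, including the Rule A / Rule B scenario above, as an added model that is not ePO's own code. The rule names, criteria keys and property values are constructed for the example:

```python
# Added illustration (not Trellix/ePO code): policy assignment rules are
# matched against a system's properties (and, after logon, the user's), and
# when several rules match, the one with the lowest priority number wins.
# Rule names, criteria and property values are constructed for the example.

from dataclasses import dataclass, field


@dataclass
class AssignmentRule:
    name: str
    priority: int                 # 1 is enforced ahead of 2, 3, ...
    policy: str
    kind: str                     # "system" or "user"
    system_criteria: dict = field(default_factory=dict)
    user_criteria: dict = field(default_factory=dict)

    def __post_init__(self):
        # System-based rules cannot include user-based criteria.
        if self.kind == "system" and self.user_criteria:
            raise ValueError(f"{self.name}: system-based rule has user criteria")

    def matches(self, system_props, user_props):
        # User-based rules are only evaluated once a user has logged on.
        if self.kind == "user" and user_props is None:
            return False
        sys_ok = all(system_props.get(k) == v
                     for k, v in self.system_criteria.items())
        usr_ok = all((user_props or {}).get(k) == v
                     for k, v in self.user_criteria.items())
        return sys_ok and usr_ok


def winning_rule(rules, system_props, user_props=None):
    # Among the matching rules, the lowest priority number is enforced.
    matching = [r for r in rules if r.matches(system_props, user_props)]
    return min(matching, key=lambda r: r.priority) if matching else None


def renumber(rules, ordered_names):
    # Edit Priority: re-rank the named rules 1..n in the order given.
    by_name = {r.name: r for r in rules}
    for i, n in enumerate(ordered_names, start=1):
        by_name[n].priority = i


EXAMPLE_RULES = [
    AssignmentRule("Rule A", 1, "Web Unrestricted", "user",
                   user_criteria={"group": "Marketing"}),
    AssignmentRule("Rule B", 2, "Web Restricted", "user",
                   user_criteria={"group": "Marketing"},
                   system_criteria={"os": "Windows"}),
    AssignmentRule("Servers", 3, "Server Baseline", "system",
                   system_criteria={"os": "Windows Server"}),
]
```

Swapping the priorities of Rule A and Rule B with renumber() is enough to flip the outcome for the same user, which is why reviewing rule order is part of reviewing the effective policy.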
Resetting Broken Inheritance
From the System Tree > Assigned Policies tab:
Locate the Broken Inheritance column on the right. This column displays the number of groups and systems where this policy's inheritance is broken.
Example: If only one group does not inherit the policy, this is represented by 1 doesn't inherit, regardless of the number of systems within the group.
Click the link indicating the number of child groups or systems that have broken inheritance. The Broken Inheritance page displays a list of the names of these groups and systems.
To reset the inheritance of any of these, mark the checkbox next to the name, then click Actions > Reset Inheritance.
You can also click the Edit Assignment link, the Broken Inheritance link, then Actions > Reset Inheritance.
Policy Enforcement
Policy enforcement is an inherited property that is independent from policy assignment. It is inherited from the System Tree root (My Organization) unless inheritance is turned off. By default, when assigned, all policies have an Enforcement status of Enforcing.
If a policy is not enforced, it will not be implemented by the Trellix Agent. This means that, although the managed system has received the policy assigned to it, that policy will not be applied on the system.
Policies are enforced when:
The agent communicates with the ePO server or the Agent Handler at the configured agent-to-server communications interval (ASCI)
You send an Agent Wake Up call from the ePO server (updates and enforces policies on the client)
In addition, if the client end user has access to the Trellix Agent Status Monitor (set by the policy), the user can click the Check New Policies button to initiate communication and enforce policy changes.
When you reconfigure policy settings, the new settings are delivered to and enforced on the managed systems at the next agent-server communication. The frequency of this communication is determined by the Agent-to-server-communication interval (ASCI) settings on the General tab of the Trellix Agent policy pages or the Trellix Agent Wakeup client task schedule (depending on how you implement agent-server communication). By default, this interval is set to occur once every 60 minutes.
Once the policy settings are in effect on the managed system, the agent continues to enforce local policy settings at a regular interval. This enforcement interval is determined by the Policy enforcement interval setting on the General tab of the Trellix Agent policy pages. By default, this interval is set to occur every 60 minutes.
Policy Comparison
Introduction
The Policy Comparison feature lets you compare similar policies. This helps to determine which settings are different and which settings are the same.
Many of the values and variables included in Policy Comparison are specific to each product. For product policies not included in the table, see the documentation for the product that provides the policy that you want to compare.
Summary
The Show All Settings / Show Only Differences options populate the policies to compare in the Policy 1 and Policy 2 lists.
The Show Only Differences option, when selected, shows only the policy changes between the two policies being compared, providing a quick look at what’s different between the two policies.
Policy History
When you change a policy from the Policy Catalog, a Policy History entry is created where you can describe the change for future reference. Policy History entries display in three places:
Policy History
Server Task Log Details
Audit Log Details
Only policies you create in the Policy Catalog have Policy History entries.
To view the Policy History, select Menu > Policy > Policy History. Note: No Policy History entries display for McAfee Default policies. You might need to use the page filter to select a created or duplicated McAfee Default policy.
Use the Product, Category, and Name filters to select Policy History entries.
To manage a policy or Policy History entry, click Actions, then select an action.
Choose Columns: Opens a dialog box that allows you to select which columns to display.
Compare Policy: Opens the Policy Comparison page, where you can compare two selected policies. The current version of a policy has the latest date. To compare the current revision of a policy and a previous policy revision, select the latest revision and a previous revision.
Export Table: Opens the Export page, where you can specify the package and format of Policy History entry files to export, then email the file.
Revert Policy: Reverts the policy to the selected policy version. You can select only one target policy.
Make sure that you leave a comment when you revise a policy. Consistent commenting creates a strong history of your changes.
To record policy revisions, enter a comment in the text field next to Duplicate in the footer of the Policy Catalog page.