Endpoint Admission Defense Help >> Operation Guide >> Service Parameters >> System Settings

System Settings

This function provides configuration of EAD service.

Parameters

• Patch Check Interval: The period in which the patch check is not needed for security authentication since the last security authentication. If it is set to 0, patch check is needed each time for security authentication. This value is valid for check manually or through Microsoft server.
• Grace Days for Patch Noncompliance: Specifies how many days the user can access the network when the PC passes all security check items except the patch check and the isolation security mode is configured. During the grace days, the system performs the patch check every time the user comes online until the PC passes the patch check, and then the Patch Check Interval parameter takes effect. If the user cannot pass the patch check after the grace days, the system isolates the user. The default value of 0 indicates that the user is immediately isolated when the patch check fails.This parameter takes effect only on the check through the Microsoft server.
• Real-Time Monitor Interval: If Real-Time monitor is enabled, the proxy server sends the interval to the client. The client performs check periodically based on this value.
• EAD Service Group: This feature allows you to enable/disable the EAD service hierarchical management function. The EAD service hierarchical management function depends on the UAM service hierarchical management function. Therefore, if the UAM service hierarchical management function is disabled, the EAD service hierarchical management function is also disabled, and the EAD Service Group parameter is not provided on the system parameters configuration page. If the UAM service hierarchical management function is enabled (the parameter is set to Enable), the EAD Service Group parameter is provided and you can select Enable, Disable or Center Control for it. If Center Control is selected, all EAD services will be managed centrally by the administrator, maintainers/viewers can only query the EAD services.
• Send Security Syslogs: If you select Yes, the system checks for new security logs every hour, and sends a syslog to the syslog server for each new security log, if any. To specify the IP address of the syslog server, configure the Syslog Server IP parameter in User > User Access Policy > Service Parameters > System Settings > System Parameters.
• Centralized Policy Management: This parameter determines whether to manage policies for nodes centrally on the parent node. Policies include service policies and security policies.
• Data Report Time: This parameters specifies the time when a child node reports data to the parent node everyday.
• Data Lifetime: The period of time for which the parent node keeps the data reported from a child node. Expired data is deleted.
• Security Logs Lifetime: Sets the period that a security log is kept in the system. Expired logs are automatically removed from the system.
• Reauthentication Interval: Interval after which the proxy server will notify the client for another security authentication.
• Internet Access Audit Log Keeping Time: Sets the maximum time that an Internet access audit log is kept in the system. The system will delete the logs whose duration exceeds the specified keeping time.
• Max Internet Access Audit Logs: Sets the maximum number of Internet access audit logs that can be kept in the system. The system will delete logs from the earlist record when the specified number is reached.
• Generate logs after the security check is passed: Selecting this check box to record the logs that the client passes the security authentication.
• Flee from Authentication and Security Check:Select this option to allow clients to flee from authentication and security check when the UAM server is unavailable.

Precautions

• If you select Deny or Central Management for the EAD Service Group parameter, all EAD services will be grouped to ungroup.
• To obtain accurate statistics, set the lifetime of security logs to be more than 7 days for the weekly Multi-Node Single-Security Check Item Failures Comparison Chart and Single-Node Security Check Failure Report, and set the lifetime to be more than 30 days for the monthly Multi-Node Single-Security Check Item Failures Comparison Chart and Single-Node Security Check Failure Report.

Related Topics

• Validate