Endpoint Access Enforcement settings

Endpoint Access Enforcement (EAE) monitors inbound connections to computers on the corporate network, allowing or blocking them based on the security status of the connecting computer.

When you configure an Endpoint Access Enforcement policy, you must specify which characteristics of the connecting computer pose a risk to the target computer. These characteristics relate to the management model of the connecting computer, the status of the security software installed on it, and its overall risk level.

Additionally, you must specify the protocols you want to monitor in inbound connections, and configure the action you want the security software to take on these connections (allow or block).

Minimum requirements

  • Advanced EDR security software: The computer must have Advanced EDR v4.40 or higher installed.

  • Operating system installed on the computer: Endpoint Access Enforcement runs only on Windows computers.

    Computers with a macOS or Linux operating system and Advanced EDR v4.40 or higher installed do not enforce the policy themselves; they report the status of their security software to the Windows computers that evaluate their risk level. See Endpoint Access Enforcement operating mode.

  • Open ports on the computer: The Advanced EDR agent requires that port 33000 be open to communicate with other computers. If a firewall blocks this port, other computers cannot query the agent and evaluate the computer as Unmanaged/Unavailable. See Security characteristics of connecting computers.
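The following PowerShell script is an added example for checking this prerequisite on a Windows endpoint; it is not part of the Advanced EDR documentation or product. The port number (33000) comes from the requirement above. The assumption that the agent listens on TCP, and the peer hostnames used for the reachability probe, are ours and should be replaced with real values.

```powershell
<#
Added example, not from the Advanced EDR documentation: checks the Endpoint
Access Enforcement network prerequisite on a Windows endpoint. The port number
(33000) comes from the documentation; the assumption that the agent listens on
TCP and the peer hostnames below are ours.
#>
param(
    [int]$Port = 33000,
    # Hypothetical hostnames of other managed endpoints to probe.
    [string[]]$Peers = @('ws-finance-01', 'srv-files-02')
)

# 1. Local listener: is anything bound to the agent port? Run from an elevated
#    prompt so the owning process can be resolved.
$listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
            Select-Object -First 1
if ($listener) {
    $proc = Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue
    Write-Output ("Local listener on TCP {0}: PID {1} ({2})" -f $Port, $listener.OwningProcess, $proc.ProcessName)
} else {
    Write-Output "No local listener on TCP $Port - the agent may be missing, outdated or stopped"
}

# 2. Host firewall: is there an enabled inbound Allow rule covering the port?
#    Port filters are matched first, then resolved to their parent rules.
$allowRules = Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
    Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -contains "$Port" -or $_.LocalPort -eq 'Any') } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
if ($allowRules) {
    $names = ($allowRules.DisplayName | Sort-Object -Unique) -join ', '
    Write-Output ("Inbound firewall rules allowing TCP {0}: {1}" -f $Port, $names)
} else {
    Write-Output "No enabled inbound Allow rule found for TCP $Port - peers will evaluate this computer as Unavailable"
}

# 3. Peer reachability: can this computer reach the agent port on other
#    endpoints? A failure here is the 'firewall prevents connecting to it'
#    condition described under Unmanaged/Unavailable.
foreach ($peer in $Peers) {
    $probe = Test-NetConnection -ComputerName $peer -Port $Port -WarningAction SilentlyContinue
    $state = if ($probe.TcpTestSucceeded) { 'reachable' } else { 'NOT reachable' }
    Write-Output ("Peer {0}: TCP {1} {2}" -f $peer, $Port, $state)
}
```

The firewall check only confirms that an enabled inbound Allow rule names the port; it does not evaluate Block rules, profile scoping (Domain/Private/Public) or network-level firewalls between segments, which is why the peer probe in step 3 is the more reliable signal. Neither check tells you which Advanced EDR version is installed; use the management console for that.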

Accessing the settings

  • From the top menu, select Settings. From the side menu, select Endpoint Access Enforcement.

  • Click Add. The Add settings page opens.

Required permissions

Permission                                  Access type
Configure Endpoint Access Enforcement       Create, edit, delete, copy, or assign Endpoint Access Enforcement settings profiles.
View Endpoint Access Enforcement settings   View Endpoint Access Enforcement settings profiles.

Permissions required to access the Endpoint Access Enforcement settings

Endpoint Access Enforcement settings options

To configure an Endpoint Access Enforcement policy:

  • Enter a name and description for the settings profile.

  • Click Save.

  • From the list of profiles, select the profile you created. The Edit settings page opens.

  • To select the computers you want to assign the settings to, click the Recipients (No recipients selected) link. To add computers individually, click the add icon. To remove them, click the remove icon.

  • On the Edit settings page, enable the Endpoint Access Enforcement toggle.

  • To specify the characteristics that define the security status of the connecting computer, see Security characteristics of connecting computers.

  • To configure the action Endpoint Access Enforcement must take when it detects a connection from a computer at risk, see Endpoint Access Enforcement operating mode.

  • To configure the inbound connection protocols you want to monitor, see Monitoring inbound connection protocols.

Security characteristics of connecting computers

Select which conditions of connecting computers can pose a risk to the target computer:

  • Unmanaged/Unavailable: The connecting computer:

    • Does not have a supported security software installed. See Minimum requirements.

    • Does not have the minimum required version of Advanced EDR installed. See Minimum requirements. To update the agent, the security software, and the security software signature file, see Product updates and upgrades.

    • Is not available or a firewall prevents connecting to it.

  • Managed by another account: The connecting computer is managed by an account other than the account that manages the target computer.

  • Protection not enabled: The security software on the connecting computer is up to date but not enabled, so the computer poses a risk to the target computer. See Minimum requirements.

  • Risk level greater than or equal to Medium, High, or Critical: The overall risk level for the connecting computer is greater than or equal to the level you select (Medium, High, or Critical). See Risk assessment.

Endpoint Access Enforcement operating mode

From the Action to be taken on inbound connections from computers at risk drop-down menu, select the action Endpoint Access Enforcement must take on inbound connections detected on target computers:

  • Audit: Endpoint Access Enforcement reports inbound connections from computers at risk. See Endpoint Access Enforcement module lists.

    These connections are allowed by the security software and appear in red in the Connection Map.

  • Block: Endpoint Access Enforcement detects and blocks connections from computers at risk.

    These connections appear in gray in the Connection Map.

    For a pop-up notification to appear on the user computer when a connection is blocked, enable the Show an alert when Endpoint Access Enforcement blocks a connection toggle. You can type the message you want to appear in the pop-up notification. Click Save.

Monitoring inbound connection protocols

By default, Endpoint Access Enforcement monitors inbound connections for SMB (a protocol that enables users to communicate with remote computers and servers to share, open, or edit files) and RDP (a protocol that enables users to remotely share a computer desktop) traffic.

To configure monitoring of the SMB and RDP protocols:

  • Select the checkbox for the protocol you want to configure and click the icon next to it. The Configure Protocol dialog box opens.

  • To add ports to the settings, type them in the text box. Press Enter.

  • By default, Endpoint Access Enforcement applies protocol monitoring to workstations only. To apply it to servers as well, disable the corresponding toggle in the dialog box.

  • To allow connections from specific IP addresses, type them in the corresponding text box. Press Enter. Connections from these addresses are allowed regardless of the connecting computer's security status, so keep this list as short as possible and review it periodically.

  • Click Save.

To add protocols other than SMB and RDP:

  • On the Add settings page, click the add icon. The Configure Protocol dialog box opens.

  • From the Protocol drop-down menu, select the protocol you want to monitor. If the protocol is not in the list, select Custom.

  • Follow the steps in the previous section.

  • Click Save.

The settings profile you create appears at the top of the list of Endpoint Access Enforcement settings profiles.