Can I whitelist or exempt a device?

Making exceptions is, unfortunately, a normal part of IT and security operations. And while it may be considered a last-resort, there should still be an elegant way of handling it. With this in mind, we’ve created a straightforward policy exemption mechanism for GEARS devices.

Additionally, because exempt devices can potentially create security holes in your network, we’ve made it easy to audit exemption events, find exempt devices, and reverse the exemption.

While in an exempt state, devices will respond to the registry API and REST API as if they were compliant. Despite this, all compliance issues will continue to be reported in the device details and API detailed responses.

Exempting a device from Metadefender Endpoint Management policy

Devices can be exempted in the Metadefender Endpoint Management cloud UI, or by using the Metadefender Endpoint Management cloud APIs. To exempt a device using the Metadefender Endpoint Management management UI, the process is simple:

  1. Log into Metadefender Endpoint Management cloud
  2. Open the details page for a non-complaint device
  3. Find the ‘Exempt’ button in the top-right
  4. Choose to exempt the device from all issues or critical issues only

The devices_action API can be used for programmatically managing device exemption state.

Reversing an exemption
  1. Log into Metadefender Endpoint Management cloud
  2. Open the details page for an exempt device
  3. Find the ‘Exempt’ button in the top-right
  4. Choose to Unexempt the device
Finding exempt devices

In the device list view, an exempt device will be highlighted with a  symbol. Filters can also be used to show only exempt devices.

Audit log for tracking exemptions

Metadefender Endpoint Management allows multiple administrators to manage a single account, so it’s important that administrators can track actions taken by each other. To this point, exemption actions have been added to the Administrator Events section of the event log. 

Any actions taken to exempt or unexempt a device will appear in this log, along with the name of the logged-in administrator who performed the action. For better visibility, two new filters are provided as well.

Remediation page

To prevent any user confusion, a new remediation page state was created to clearly communicate to users that they have issues but are temporarily exempted by the administrator. Like the rest of the remediation page, the messaging can be fully customized in the WYSIWYG editor.

(note that the images on below still reflect the older name of Metadefender Endpoint Management, which was Gears)

 

 

Original blog post

This article applies to the Windows persistent Metadefender Endpoint Management.
This article was last updated on 2015-04-04
DL

Powered by Zendesk