deviceTRUST 23.1.410 for Windows and macOS, and 23.1.400 for Ubuntu and iOS are now available.
×
Search

Policy category: Host Filter

  1. Policy setting: Query to include host ACCESS POINTS
  2. Policy setting: Query to include host CERTIFICATES
  3. Policy setting: Query to include host DISPLAYS
  4. Policy setting: Query to include host LOGICAL DISKS
  5. Policy setting: Query to include host MAPPED DRIVES
  6. Policy setting: Query to include host NETWORKS
  7. Policy setting: Query to include host PRINTERS
  8. Policy setting: Query to include host SECURITY PRODUCTS
  9. Policy setting: Query to exclude host WINDOWS FIREWALL rules
  10. Policy setting: Filter host ACCESS POINT ssid, bssid, speed, quality, etc
  11. Policy setting: Filter host CELLULAR network, country, roaming, model, vendor, etc
  12. Policy setting: Filter host CERTIFICATE store, name, issuer, subject, etc
  13. Policy setting: Filter host DEVICETRUST version number, connected, license, etc
  14. Policy setting: Filter host DISPLAY capabilities
  15. Policy setting: Filter host DOMAIN, name, dns, id, join
  16. Policy setting: Filter host HARDWARE vendor, model, cpu, memory, bios, etc
  17. Policy setting: Filter host INPUT keyboard, mouse, pen and touch
  18. Policy setting: Filter host LOCATION position, address, etc
  19. Policy setting: Filter host LOGICAL DISK type, label, file system, free space, vendor, product, etc
  20. Policy setting: Filter host MAPPED DRIVE local, remote, user, etc
  21. Policy setting: Filter host NAME, id, dns, sid, etc
  22. Policy setting: Filter host NETWORK ipv4, ipv6, mac, dns, wifi, etc
  23. Policy setting: Filter host OS name, version, etc
  24. Policy setting: Filter host PASSWORD POLICY min and max age, length, history, etc
  25. Policy setting: Filter host PERFORMANCE, including bandwidth and latency
  26. Policy setting: Filter host POWER ac, battery, scheme
  27. Policy setting: Filter host PRINTER name, share, port, driver, etc
  28. Policy setting: Filter host REGION time zone, language, locale, keyboard, etc
  29. Policy setting: Filter host REMOTE CONTROL active, protocol, remote ip, etc
  30. Policy setting: Filter host SCREEN SAVER enabled, secure, timeout and filename
  31. Policy setting: Filter host SECURITY PRODUCT antispyware, antivirus, firewall, name, status, etc
  32. Policy setting: Filter host SESSION id, logon & connect time, etc
  33. Policy setting: Filter host SMARTCARDREADER name
  34. Policy setting: Filter host USER name, domain, local admin, auth, password age, groups, etc
  35. Policy setting: Filter host WHOIS ip, dns, isp and country
  36. Policy setting: Filter host WINDOWS user access control, smartscreen
  37. Policy setting: Filter host WINDOWS DEFENDER status, last scan, versions, etc
  38. Policy setting: Filter host WINDOWS FIREWALL profile settings, rules, etc
  39. Policy setting: Filter host WINDOWS REGISTRY count, path, value and data
  40. Policy setting: Filter host WINDOWS UPDATE status, last install, pending updates, etc

Policy setting: Query to include host ACCESS POINTS

Defines queries which can be used to discover access points on the local host.

Access points are included within the properties if they match all of the constraints within any of the queries.

The maximum number of access points is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for SSID and BSSID.
  • Number constraints for Strength, Quality and Frequency.
  • Boolean constraint for Secure.

For example:

  • SSID=’*’ - Queries all access points.
  • SSID=’*’, Secure=’true’ - Queries all secure access points.
  • SSID=’MyNetwork-*’, Strength>=’-50’ - Queries all access points with an SSID beginning with ‘MyNetwork-‘ and with an RSSI signal strength greater than or equal to ‘-50’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value does not return any access points.

Policy setting: Query to include host CERTIFICATES

Defines one or more queries which can be used to find private certificates on the local host.

Certificates are included within the properties if they match all of the constraints within any of the queries.

The maximum number of certificates is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Store, Name, Subject, Issuer, SignatureAlgorithm, SerialNumber, ThumbprintSha256, Template, ExtendedUsage, Policies, RootName and RootThumbprintSha256.
  • Enum constraint for Location with values CurrentUser and LocalMachine.
  • Enum constraint for Version with values V1, V2 and V3.
  • Enum constraint for VerificationError with values None, CannotBeVerified, Revoked, UntrustedRoot, UntrustedTestRoot, Chaining, Expired, Critical and NoRevocationCheck.
  • Enum constraint for Usage with values EncipherOnly, CrlSigning, CertificateSigning, KeyAgreement, DataEncipherment, KeyEncipherment, NonReduiation, DigitalSignature and DecipherOnly.
  • Enum constraint for TpmKeyAttestation with values None, UserCredentials, HardwareCertificate and HardwareKey.
  • Date constraints for NotBefore and NotAfter.

For example:

  • Template=’CompanyCert’, ExtendedUsage=’1.3.6.1.5.5.7.3.2’ - All certificates assigned by a template containing the name ‘CompanyCert’ for use with client authentication.
  • VerificationError=’*’ - All certificates, regardless of their verification errors.
  • VerificationError=’None;Expired’, Issuer=’TrustedAuthority’ - All valid or expired certificates whose issuer contains the text ‘TrustedAuthority’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value is “Store=’My’, Location=’CurrentUser’, VerificationError=’None’”. Store defaults to ‘My’ unless specified. Location defaults to ‘CurrentUser’ unless specified. VerificationError defaults to ‘None’ unless specified.

Policy setting: Query to include host DISPLAYS

Defines queries which can be used to discover displays on the local host.

Displays are included within the properties if they match all of the constraints within any of the queries.

The maximum number of displays is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraint for MonitorVendor, MonitorProduct, MonitorSerialNumber, AdapterVendor, AdapterProduct.
  • Number constraints for Width, Height and Bpp.
  • Boolean constraints for MonitorExternal.

For example:

  • Width>=’1024’, Height>=’768’ - Queries all displays which have a width greater than or equal to 1024 pixels, and a height greater than or equal to 768.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default query includes all displays.

Policy setting: Query to include host LOGICAL DISKS

Defines one or more queries which can be used to find logical disks on the local host.

Logical disks are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Enum constraints for Type with values Removable, Fixed, PortableDevice, Cdrom and Ramdisk.
  • Enum constraints for Flags with values PreservedNames, CaseSensitiveSearch, DaxVolume, SupportsCompression, NamedStreams, PersistentAcls, ReadOnly, SequentialWriteOnce, SupportsEncryption, ExtendedAttributes, HardLinks, ObjectIds, OpenByFileId, ReparsePoints, SparseFiles, Transactions, UsnJournal, UnicodeFileNames, IsCompressed, SupportsQuotas.
  • Enum constraints for BusType with values SCSI, ATAPI, ATA, IEEE1394, SSA, FibreChannel, USB, RAID, iSCSI, SAS, SATA, SecureDigital, MultimediaCard, Virtual, FileBackedVirtual, StorageSpaces and NVMe.
  • Text constraints for Label, FileSystem, Drive, Path, Name and SerialNumber.
  • Number constraints for TotalMB, FreeMb, Free, VendorId and ProductId.
  • Boolean constraint for Encrypted, Hidden and System.

For example:

  • Drive=’D:,E:,F:,G:’ - Returns any drive mapped to letters D, E, F or G.
  • Type=’Removable’ - Returns only removable disks.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value returns logical disks represented by a path and all portable devices (e.g. Path!=’’ and Type=’PortableDevice’).

Policy setting: Query to include host MAPPED DRIVES

Defines one or more queries which can be used to find mapped drives on the local host.

Mapped drives are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Text constraints for Drive, Server, Share, User and Provider.

For example:

  • Drive=’D:’ - Returns any drives mapped to a local D:.
  • User=’DOMAIN*’ - Returns any mapped drives authenticated by a member of the ‘DOMAIN’ domain.
  • Server=’\SERVERNAME’ - Returns any mapped drives using a remote server name of ‘\SERVERNAME’.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value returns all mapped drives.

Policy setting: Query to include host NETWORKS

Defines queries which can be used to discover networks on the local host.

Networks are included within the properties if they match all of the constraints within any of the queries.

The maximum number of networks is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Name, Description, Mac, GatewayMac, WifiSsid, WifiBssid, WifiSecurity and DnsSuffix.
  • Enum constraint for Status with values Up, Down, Testing, Unknown, Dormant, NotPresent and LowerLayerDown.
  • Enum constraint for Type with values Other, Ethernet, PPP, ATM, WiFi, Tunnel, Firewire and Mobile.
  • Enum constraint for Category with values Public, Private and Domain.
  • Boolean constraint for DhcpEnabled and Virtual.
  • Number constraints for Speed and WifiStrength.
  • IpAddress constraints for IPv4, IPv6, IPv4Subnet, IPv6Subnet, Gateway, DNS, WINS and DhcpServer.

For example:

  • DhcpEnabled=’true’, DhcpServer=’192.168.100.1-2’, GatewayMac=’01-02-03-04-05-06-07’ - Matches networks assigned an ip from a DHCP Server of address 192.168.100.1 or 192.168.100.2 configured with a gateway using MAC address 01-02-03-04-05-06-07.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value is “Status=’Up’”. Status defaults to ‘Up’ unless specified.

Policy setting: Query to include host PRINTERS

Defines one or more queries which can be used to find printers on the local host.

Printers are included within the properties if they match all of the constraints within any of the queries.

The maximum number of printers is limited to the maximum items field, or unlimited when set to zero.

Available constraints include:

  • Text constraints for Name, Server, Share, Port, Location, Driver, DriverFile and DriverManufacturer.
  • Boolean constraints for Default, Local, DirectoryPublished and KeepPrintJobs.
  • Enum constraint for Errors with values Paused, Error, PendingDeletion, PaperJam, PaperOut, PaperProblem, Offline, OutputBinFull, NotAvailable, TonerLow, NoToner, CannotPrintPage, UserIntervention, OutOfMemory, DoorOpen, ServerUnknown, ServerOffline and DriverUpdateNeeded.
  • Version constraint for DriverVersion.

For example:

  • Default=’true’ - Returns just the default printer.
  • Share=’\SERVER??*’, Errors=’*’ - Returns printers which have a share matching the wildcard ‘\SERVER??*’ regardless of the error value.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value is “Errors!=’Offline;ServerOffline;NotAvailable’”. Errors defaults to all values except ‘Offline;ServerOffline;NotAvailable’ unless specified.

Policy setting: Query to include host SECURITY PRODUCTS

Defines queries which can be used to discover security products on the local host.

Security Products are included within the properties if they match all of the constraints within any of the queries.

Available constraints include:

  • Text constraint for Name.
  • Enum constraint for Category with values AntiVirus, AntiSpyware and Firewall.
  • Enum constraint for Status with values Active, Out-Of-Date and Inactive.
  • Date constraint for Timestamp.

For example:

  • Status=’Active’, Category=’AntiVirus’ - Queries all AntiVirus security products with a status of Active.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default query includes all security products.

Policy setting: Query to exclude host WINDOWS FIREWALL rules

Defines one or more queries which can be used to exclude inbound and outbound Windows Firewall rules on the local host.

Firewall rules are excluded from the properties if they match all of the constraints within any of the queries.

Firewall rules must be enabled, allowed and assigned to an active profile to be included within the results.

Available constraints include:

  • Text constraints for Name, Description, Group, Program, Service, Package, PackageName, PackageDescription, PackageFullName and PortName.
  • Enum constraint for Type with values Program, Package, Service, System and Any.
  • Enum constraint for Direction with values Inbound and Outbound.
  • Enum constraints for Protocol with values Any, HOPOPT, ICMPv4, IGMP, TCP, UDP, IPv6 IPv6Route, IPv6Frag, GRE, ICMPv6, IPv6NoNxt, IPv6Opts, VRRP, PGM, L2TP, or any protocol number from http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml.
  • Enum constraints for Profile with values Domain, Private, Public.
  • Number constraint for Port, with additional option to use * to match rules that target any port.

For example:

  • Direction=’Inbound’, Program=’*\MyApp.exe’, Port>=3000, Port<=3002 - Excludes all inbound traffic to MyApp.exe to ports 3000, 3001 and 3002.

For full details, please see deviceTRUST Property Queries within the deviceTRUST documentation.

The default value does not filter the Firewall rules.

Policy setting: Filter host ACCESS POINT ssid, bssid, speed, quality, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_ACCESSPOINT_COUNT
  • HOST_ACCESSPOINT_X_SSID
  • HOST_ACCESSPOINT_X_BSSID
  • HOST_ACCESSPOINT_X_STRENGTH
  • HOST_ACCESSPOINT_X_QUALITY
  • HOST_ACCESSPOINT_X_FREQUENCY
  • HOST_ACCESSPOINT_X_SECURE

Policy setting: Filter host CELLULAR network, country, roaming, model, vendor, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_CELLULAR_TYPE
  • HOST_CELLULAR_CLASS
  • HOST_CELLULAR_ID
  • HOST_CELLULAR_ROAMING
  • HOST_CELLULAR_COUNTRY
  • HOST_CELLULAR_COUNTRY_CODE
  • HOST_CELLULAR_NETWORK
  • HOST_CELLULAR_NETWORK_CODE
  • HOST_CELLULAR_PRODUCT
  • HOST_CELLULAR_VENDOR

Policy setting: Filter host CERTIFICATE store, name, issuer, subject, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_CERTIFICATE_COUNT
  • HOST_CERTIFICATE_X_STORE
  • HOST_CERTIFICATE_X_LOCATION
  • HOST_CERTIFICATE_X_VERSION
  • HOST_CERTIFICATE_X_NAME
  • HOST_CERTIFICATE_X_SUBJECT
  • HOST_CERTIFICATE_X_ISSUER
  • HOST_CERTIFICATE_X_SIGNATUREALGORITHM
  • HOST_CERTIFICATE_X_SERIALNUMBER
  • HOST_CERTIFICATE_X_THUMBPRINT_SHA256
  • HOST_CERTIFICATE_X_TEMPLATE
  • HOST_CERTIFICATE_X_NOTBEFORE
  • HOST_CERTIFICATE_X_NOTAFTER
  • HOST_CERTIFICATE_X_USAGE
  • HOST_CERTIFICATE_X_EXTENDEDUSAGE
  • HOST_CERTIFICATE_X_VERIFICATIONERROR
  • HOST_CERTIFICATE_X_ROOT_NAME
  • HOST_CERTIFICATE_X_ROOT_THUMBPRINT_SHA256
  • HOST_CERTIFICATE_X_POLICIES
  • HOST_CERTIFICATE_X_TPM_KEY_ATTESTATION

Policy setting: Filter host DEVICETRUST version number, connected, license, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to always request the property. Available properties:

  • HOST_DEVICETRUST_VERSION
  • HOST_DEVICETRUST_CONNECTED
  • HOST_DEVICETRUST_LICENSE_VALID
  • HOST_DEVICETRUST_LICENSE_UNIT
  • HOST_DEVICETRUST_LICENSE_TYPE
  • HOST_DEVICETRUST_LICENSE_COUNT
  • HOST_DEVICETRUST_LICENSE_ISSUEDATE
  • HOST_DEVICETRUST_LICENSE_EXPIRYDATE

Policy setting: Filter host DISPLAY capabilities

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_DISPLAY_COUNT
  • HOST_DISPLAY_X_NAME
  • HOST_DISPLAY_X_WIDTH
  • HOST_DISPLAY_X_HEIGHT
  • HOST_DISPLAY_X_BPP
  • HOST_DISPLAY_X_DPI
  • HOST_DISPLAY_X_MONITOR_VENDOR
  • HOST_DISPLAY_X_MONITOR_PRODUCT
  • HOST_DISPLAY_X_MONITOR_SERIALNUMBER
  • HOST_DISPLAY_X_MONITOR_EXTERNAL
  • HOST_DISPLAY_X_ADAPTER_VENDOR
  • HOST_DISPLAY_X_ADAPTER_PRODUCT

Policy setting: Filter host DOMAIN, name, dns, id, join

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_DOMAIN_NAME
  • HOST_DOMAIN_DNS
  • HOST_DOMAIN_ID
  • HOST_DOMAIN_JOIN

Policy setting: Filter host HARDWARE vendor, model, cpu, memory, bios, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_HARDWARE_VENDOR
  • HOST_HARDWARE_MODEL
  • HOST_HARDWARE_CPU
  • HOST_HARDWARE_CPU_SPEED
  • HOST_HARDWARE_CPU_COUNT
  • HOST_HARDWARE_SYSTEMMEMORY
  • HOST_HARDWARE_BIOS_SERIAL
  • HOST_HARDWARE_BIOS_VERSION
  • HOST_HARDWARE_BIOS_RELEASEDATE
  • HOST_HARDWARE_VIRTUALIZATION
  • HOST_HARDWARE_SECUREBOOT
  • HOST_HARDWARE_ROLE
  • HOST_HARDWARE_LID

Policy setting: Filter host INPUT keyboard, mouse, pen and touch

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_INPUT_KEYBOARD
  • HOST_INPUT_MOUSE
  • HOST_INPUT_PEN
  • HOST_INPUT_TOUCH

Policy setting: Filter host LOCATION position, address, etc

Enables or disables location properties of the host.

Location properties are subject to the policies within the deviceTRUST\Properties\Location folder.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_LOCATION_ACCURACY
  • HOST_LOCATION_URL
  • HOST_LOCATION_COUNTRY
  • HOST_LOCATION_POSTCODE
  • HOST_LOCATION_STATE
  • HOST_LOCATION_COUNTY
  • HOST_LOCATION_TOWN
  • HOST_LOCATION_STREET
  • HOST_LOCATION_BUILDING
  • HOST_LOCATION_PROVIDER
  • HOST_LOCATION_SOURCE
  • HOST_LOCATION_POSITION

Policy setting: Filter host LOGICAL DISK type, label, file system, free space, vendor, product, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_LOGICALDISK_COUNT
  • HOST_LOGICALDISK_X_TYPE
  • HOST_LOGICALDISK_X_LABEL
  • HOST_LOGICALDISK_X_FLAGS
  • HOST_LOGICALDISK_X_HIDDEN
  • HOST_LOGICALDISK_X_FILESYSTEM
  • HOST_LOGICALDISK_X_DRIVE
  • HOST_LOGICALDISK_X_PATH
  • HOST_LOGICALDISK_X_TOTALMB
  • HOST_LOGICALDISK_X_FREEMB
  • HOST_LOGICALDISK_X_NAME
  • HOST_LOGICALDISK_X_VENDOR_ID
  • HOST_LOGICALDISK_X_PRODUCT_ID
  • HOST_LOGICALDISK_X_SERIALNUMBER
  • HOST_LOGICALDISK_X_BUSTYPE
  • HOST_LOGICALDISK_X_ENCRYPTED
  • HOST_LOGICALDISK_X_FREE
  • HOST_LOGICALDISK_X_SYSTEM

Policy setting: Filter host MAPPED DRIVE local, remote, user, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_MAPPEDDRIVE_COUNT
  • HOST_MAPPEDDRIVE_X_DRIVE
  • HOST_MAPPEDDRIVE_X_SERVER
  • HOST_MAPPEDDRIVE_X_SHARE
  • HOST_MAPPEDDRIVE_X_HIDDEN
  • HOST_MAPPEDDRIVE_X_USER
  • HOST_MAPPEDDRIVE_X_PROVIDER

Policy setting: Filter host NAME, id, dns, sid, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_NAME
  • HOST_NAME_DNS
  • HOST_NAME_DN
  • HOST_ID
  • HOST_NAME_SID

Policy setting: Filter host NETWORK ipv4, ipv6, mac, dns, wifi, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_NETWORK_COUNT
  • HOST_NETWORK_X_STATUS
  • HOST_NETWORK_X_NAME
  • HOST_NETWORK_X_DESCRIPTION
  • HOST_NETWORK_X_TYPE
  • HOST_NETWORK_X_MAC
  • HOST_NETWORK_X_DNS
  • HOST_NETWORK_X_DNS_SUFFIX
  • HOST_NETWORK_X_GATEWAY
  • HOST_NETWORK_X_GATEWAY_MAC
  • HOST_NETWORK_X_WINS
  • HOST_NETWORK_X_SPEED
  • HOST_NETWORK_X_DHCP_ENABLED
  • HOST_NETWORK_X_DHCP_SERVER
  • HOST_NETWORK_X_DHCP_LEASE
  • HOST_NETWORK_X_DHCP_EXPIRES
  • HOST_NETWORK_X_WIFI_SSID
  • HOST_NETWORK_X_WIFI_BSSID
  • HOST_NETWORK_X_WIFI_STRENGTH
  • HOST_NETWORK_X_WIFI_SECURITY
  • HOST_NETWORK_X_CATEGORY
  • HOST_NETWORK_X_VIRTUAL
  • HOST_NETWORK_X_IPV4
  • HOST_NETWORK_X_IPV6
  • HOST_NETWORK_X_IPV4_SUBNET
  • HOST_NETWORK_X_IPV6_SUBNET

Policy setting: Filter host OS name, version, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_OS_NAME
  • HOST_OS_DESCRIPTION
  • HOST_OS_VERSION
  • HOST_OS_TYPE
  • HOST_OS_PLATFORM
  • HOST_OS_ID
  • HOST_OS_RELEASE
  • HOST_OS_STARTUPTIME

Policy setting: Filter host PASSWORD POLICY min and max age, length, history, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_POLICY_PASSWORD_MINAGE
  • HOST_POLICY_PASSWORD_MAXAGE
  • HOST_POLICY_PASSWORD_FORCELOGOFF
  • HOST_POLICY_PASSWORD_MINLENGTH
  • HOST_POLICY_PASSWORD_HISTORY

Policy setting: Filter host PERFORMANCE, including bandwidth and latency

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_PERFORMANCE_LATENCY
  • HOST_PERFORMANCE_LATENCY_SPEED
  • HOST_PERFORMANCE_BANDWIDTH
  • HOST_PERFORMANCE_BANDWIDTH_SPEED

Policy setting: Filter host POWER ac, battery, scheme

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_POWER_AC
  • HOST_POWER_BATTERY
  • HOST_POWER_SCHEME

Policy setting: Filter host PRINTER name, share, port, driver, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_PRINTER_COUNT
  • HOST_PRINTER_X_NAME
  • HOST_PRINTER_X_SERVER
  • HOST_PRINTER_X_DEFAULT
  • HOST_PRINTER_X_LOCAL
  • HOST_PRINTER_X_SHARE
  • HOST_PRINTER_X_PORT
  • HOST_PRINTER_X_LOCATION
  • HOST_PRINTER_X_DIRECTORY_PUBLISHED
  • HOST_PRINTER_X_KEEP_PRINT_JOBS
  • HOST_PRINTER_X_ERRORS
  • HOST_PRINTER_X_DRIVER
  • HOST_PRINTER_X_DRIVER_FILE
  • HOST_PRINTER_X_DRIVER_MANUFACTURER
  • HOST_PRINTER_X_DRIVER_VERSION

Policy setting: Filter host REGION time zone, language, locale, keyboard, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_REGION_TIMEZONE_OFFSET
  • HOST_REGION_LANGUAGE
  • HOST_REGION_LOCALE
  • HOST_REGION_KEYBOARD_LANGUAGE
  • HOST_REGION_KEYBOARD_LOCALE

Policy setting: Filter host REMOTE CONTROL active, protocol, remote ip, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to always request the property. Available properties:

  • HOST_REMOTECONTROL_ACTIVE
  • HOST_REMOTECONTROL_PROTOCOL
  • HOST_REMOTECONTROL_REMOTE_IP
  • HOST_REMOTECONTROL_REMOTE_NAME
  • HOST_REMOTECONTROL_REMOTE_PLATFORM
  • HOST_REMOTECONTROL_GATEWAY
  • HOST_REMOTECONTROL_GATEWAY_IP
  • HOST_REMOTECONTROL_REMOTE_VERSION
  • HOST_REMOTECONTROL_REMOTE_INSTALLPATH

Policy setting: Filter host SCREEN SAVER enabled, secure, timeout and filename

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_SCREENSAVER_ENABLED
  • HOST_SCREENSAVER_SECURE
  • HOST_SCREENSAVER_TIMEOUT
  • HOST_SCREENSAVER_FILENAME

Policy setting: Filter host SECURITY PRODUCT antispyware, antivirus, firewall, name, status, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_SECURITYPRODUCT_COUNT
  • HOST_SECURITYPRODUCT_X_NAME
  • HOST_SECURITYPRODUCT_X_CATEGORY
  • HOST_SECURITYPRODUCT_X_STATUS
  • HOST_SECURITYPRODUCT_X_TIMESTAMP

Policy setting: Filter host SESSION id, logon & connect time, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_SESSION_ID
  • HOST_SESSION_LOGON_ID
  • HOST_SESSION_LOGON_TIME
  • HOST_SESSION_CONNECT_ID
  • HOST_SESSION_CONNECT_TIME
  • HOST_SESSION_DELIVERY_TYPE
  • HOST_SESSION_DELIVERY_NAME
  • HOST_SESSION_IDLEPERIOD

Policy setting: Filter host SMARTCARDREADER name

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_SMARTCARDREADER_COUNT
  • HOST_SMARTCARDREADER_X_NAME

Policy setting: Filter host USER name, domain, local admin, auth, password age, groups, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_USER_NAME
  • HOST_USER_NAME_DOMAIN
  • HOST_USER_NAME_DOMAIN_DNS
  • HOST_USER_NAME_DN
  • HOST_USER_SID
  • HOST_USER_AUTH
  • HOST_USER_LOCALADMIN
  • HOST_USER_DOMAINLOGON
  • HOST_USER_CACHEDCREDENTIALS
  • HOST_USER_PASSWORD_AGE
  • HOST_USER_PASSWORD_AUTOLOGON
  • HOST_USER_AUTH_PROVIDER
  • HOST_USER_AUTH_PRINCIPAL
  • HOST_USER_GROUPS
  • HOST_USER_ATTRIBUTE_COUNT
  • HOST_USER_ATTRIBUTE_X_NAME
  • HOST_USER_ATTRIBUTE_X_VALUE

Policy setting: Filter host WHOIS ip, dns, isp and country

Enables or disables whois properties of the host.

Whois properties are subject to the policies within the deviceTRUST\Properties\Whois folder.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_WHOIS_IP
  • HOST_WHOIS_DNS
  • HOST_WHOIS_ISP
  • HOST_WHOIS_COUNTRY

Policy setting: Filter host WINDOWS user access control, smartscreen

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_WINDOWS_SMARTSCREEN_EXPLORER
  • HOST_WINDOWS_SMARTSCREEN_EDGE
  • HOST_WINDOWS_SMARTSCREEN_STORE
  • HOST_WINDOWS_UAC_ENABLED
  • HOST_WINDOWS_UAC_POLICY

Policy setting: Filter host WINDOWS DEFENDER status, last scan, versions, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_WINDOWSDEFENDER_STATUS
  • HOST_WINDOWSDEFENDER_LASTQUICKSCAN
  • HOST_WINDOWSDEFENDER_LASTFULLSCAN
  • HOST_WINDOWSDEFENDER_SIGNATURETHREATS
  • HOST_WINDOWSDEFENDER_BEHAVIORTHREATS
  • HOST_WINDOWSDEFENDER_VERSION_ENGINE
  • HOST_WINDOWSDEFENDER_VERSION_ANTIMALWARE
  • HOST_WINDOWSDEFENDER_VERSION_ANTIVIRUS
  • HOST_WINDOWSDEFENDER_VERSION_ANTISPYWARE
  • HOST_WINDOWSDEFENDER_VERSION_NETWORKENGINE
  • HOST_WINDOWSDEFENDER_VERSION_NETWORKDEFINITION
  • HOST_WINDOWSDEFENDER_REALTIMEPROTECTION
  • HOST_WINDOWSDEFENDER_TAMPERPROTECTION
  • HOST_WINDOWSDEFENDER_CLOUDPROTECTION
  • HOST_WINDOWSDEFENDER_SAMPLESUBMISSION
  • HOST_WINDOWSDEFENDER_CONTROLLEDFOLDERACCESS
  • HOST_WINDOWSDEFENDER_EXCLUSIONS_PATHS
  • HOST_WINDOWSDEFENDER_EXCLUSIONS_EXTENSIONS
  • HOST_WINDOWSDEFENDER_EXCLUSIONS_PROCESSES

Policy setting: Filter host WINDOWS FIREWALL profile settings, rules, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_NAME
  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_DISABLED
  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_BLOCKALLINBOUND
  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_INBOUNDALLOWED
  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_OUTBOUNDALLOWED
  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_DISABLEDNOTIFICATIONS
  • HOST_WINDOWSFIREWALL_ACTIVEPROFILES_RESPONDTOMULTICAST
  • HOST_WINDOWSFIREWALL_INBOUNDRULES_PROGRAMS
  • HOST_WINDOWSFIREWALL_INBOUNDRULES_PACKAGES
  • HOST_WINDOWSFIREWALL_INBOUNDRULES_SERVICES
  • HOST_WINDOWSFIREWALL_INBOUNDRULES_SYSTEM
  • HOST_WINDOWSFIREWALL_INBOUNDRULES_ANY
  • HOST_WINDOWSFIREWALL_OUTBOUNDRULES_PROGRAMS
  • HOST_WINDOWSFIREWALL_OUTBOUNDRULES_PACKAGES
  • HOST_WINDOWSFIREWALL_OUTBOUNDRULES_SERVICES
  • HOST_WINDOWSFIREWALL_OUTBOUNDRULES_SYSTEM
  • HOST_WINDOWSFIREWALL_OUTBOUNDRULES_ANY

Policy setting: Filter host WINDOWS REGISTRY count, path, value and data

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_WINDOWSREGISTRY_COUNT
  • HOST_WINDOWSREGISTRY_X_PATH
  • HOST_WINDOWSREGISTRY_X_VALUE
  • HOST_WINDOWSREGISTRY_X_DATA

Policy setting: Filter host WINDOWS UPDATE status, last install, pending updates, etc

Enables or disables individual properties of the host.

For more filter details, please see deviceTRUST Property Filters within the deviceTRUST documentation.

When enabled, we always request the property, overriding whether it is used within policy.

When disabled, we never request the property, overriding whether it is used within policy.

The default behavior is to only request the property when it is used within policy. Available properties:

  • HOST_WINDOWSUPDATE_ENABLED
  • HOST_WINDOWSUPDATE_VERSION
  • HOST_WINDOWSUPDATE_REBOOTREQUIRED
  • HOST_WINDOWSUPDATE_NOTIFICATIONLEVEL
  • HOST_WINDOWSUPDATE_LASTSEARCH
  • HOST_WINDOWSUPDATE_LASTINSTALL
  • HOST_WINDOWSUPDATE_DEFINITION
  • HOST_WINDOWSUPDATE_CRITICAL
  • HOST_WINDOWSUPDATE_SECURITY
  • HOST_WINDOWSUPDATE_ROLLUP
  • HOST_WINDOWSUPDATE_SERVICEPACK
  • HOST_WINDOWSUPDATE_UPDATE
  • HOST_WINDOWSUPDATE_DEFINITION_RELEASEDATE
  • HOST_WINDOWSUPDATE_CRITICAL_RELEASEDATE
  • HOST_WINDOWSUPDATE_SECURITY_RELEASEDATE
  • HOST_WINDOWSUPDATE_ROLLUP_RELEASEDATE
  • HOST_WINDOWSUPDATE_SERVICEPACK_RELEASEDATE
  • HOST_WINDOWSUPDATE_UPDATE_RELEASEDATE