Skip to main content

Creating policies

You can create policies either by adding a new one or duplicating (cloning) an existing policy.

To create a security policy:

  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Choose the type of endpoint that you want from the views selector.

  4. Choose the policy creation method:

    • Add a new policy.

      • Click the add.pngAdd button at the upper side of the table.

        This command creates a new policy starting from the default policy template.

    • Clone an existing policy.

      1. Select the check box of the policy you want to duplicate.

      2. Click the clone.pngClone button at the upper side of the table.

        For details about cloning policies with configuration profiles, refer to this section.

  5. Configure the policy settings. For detailed information, refer to:

  6. Configure the policy settings. For detailed information, refer to Configuring computer and virtual machine policies.

  7. Click Save to create the policy and return to the policies list.

    You cannot save a policy that contains invalid data. When trying to do so, a specific message appears in lower right-corner of the screen indicating which section has issues. At the moment, the message covers only the Sandbox Analyzer > Endpoint Sensor section.

Watch a full video tutorial on the topic here:

When defining policies to be used in VMware NSX, besides configuring the antimalware protection settings in GravityZoneControl Center, you also need to create a policy in NSX, instructing it to use the GravityZone policy as a service profile. To create an NSX security policy:

  1. Log in to vSphere Web Client.

  2. Go to Network & Security > Service Composer > Security Policies tab.

  3. Click the Create Security Policy button in the toolbar at the upper side of the policies table. The configuration window is displayed.

  4. Enter the name of the policy and then click Next.

    Optionally you can also add a short description.

  5. Click the Add Guest Introspection service button at the upper side of the table. The Guest Introspection Service configuration window is displayed.

  6. Enter the name and description of the service.

  7. Leave the default action selected, to allow the Bitdefender service profile to be applied on the security group.

  8. From the Service Name menu, select Bitdefender.

  9. From the Service Profile menu, select an existing GravityZone security policy.

  10. Leave the default values of the State and Enforce options.

    Note

    For more information on the security policy settings, refer to VMware NSX documentation.

  11. Click OK to add the service.

  12. Click Next until the last step and then click Finish.

Cloning policies with configuration profiles

When you clone a policy, you create a new one with the same settings as the original, including configuration profiles. These profiles consist of exclusions, maintenance windows, and Web Access Control schedules.

When cloning a policy, the new policy automatically inherits the original configuration profiles. However, exclusion lists, maintenance windows, and Web Access Control schedules are not duplicated; instead, the same profiles are shared between both policies.

To monitor all exclusions, exclusion lists, maintenance windows, and Web Access Control schedules, go to the Policies > Configuration profiles section.

To monitor the assignment of the configuration profiles in the policy:

  • For exclusions, go to Antimalware > Settings.

  • For maintenance windows, go to Patch Management.

  • For Web Access Control schedules, go to Network Protection > Content Control.