Client Access Control
-
Client access control lets you password-protect Xcitium Client Security (XCS) , communication client (CC) and and agent removal tool on managed endpoints.
-
Once set, users will need to enter a password to access important areas of the client interface.You can able to set separate passwords for CCC ,XCS and agent removal tool in profile section
-
This stops users from opening the clients locally and making changes to important tasks and settings. Without password protection, the endpoint user can access the client interface and make changes.
Implement access control
-
Click 'Assets' > 'Configuration Templates' > 'Profiles'
-
Open the Windows profile you want to work on
Click the 'Client Access Control' tab then 'Edit', if it has already been added to the profile
OR
Click 'Add Profile Section' > 'Client Access Control' if it hasn't yet been added
-
Apply password protection settings for - Specify which clients you want to password protect.
Xcitium Client - Security - Password protects the settings interface and the 'Task' interfaces for antivirus, firewall, HIPS and containment.
Users can still run some limited tasks, including on-demand virus scans, open the virtual desktop, and run programs in the container.
Communication Client - Password protects important settings, including the ability to configure a proxy for the client to connect to the Xcitium console.
Users can still submit support tickets to Service Desk from the tray icon without requiring the password.Agent Removal Tool - Password protects to prevent the unauthorized access to remove the agents and the important settings
-
Require Password - select the type of password required to access XCS and/or CC:
-
Computer administrator - admins can access the local interfaces by providing their admin password. If the admin is already logged into the machine then they can open the interfaces without providing a password.
-
Custom password - specify a unique key to access the XCS / CC interfaces. The password will time-out and need to be re-entered after 15 minutes.
Note : Password protection will apply only if you enable the settings of password protection for XCS,CCC and Agent Removal Tool.
If you select 'Custom password' but not 'Computer administrator', then even admins will need to enter the custom password to access the clients.
The tables below summarize how the passwords work together for admins and regular users:
Admin logged-in |
|||
---|---|---|---|
Admin password enabled |
Yes |
No |
Yes |
Custom password enabled |
Yes |
Yes |
No |
Requirements |
No password needed |
Custom password required |
No password needed |
Admin not logged-in / Standard user logged-in |
|||
---|---|---|---|
Admin password enabled |
Yes |
No |
Yes |
Custom password enabled |
Yes |
Yes |
No |
Requirements |
Either password |
Custom password required |
Admin password required |
-
Enable local user to override profile configuration - Xcitium will not reverse local settings that are different to those in the endpoint's profile. You must enable password protection if you want to use this option.
Background - Xcitium periodically checks devices to see if the local XCS settings match those in the device's profile. It will undo any local changes unless you enable this setting.
This is useful if you need to implement specific settings on a certain device.
-
Click 'Save' to apply your changes to the profile.
While you're here
The following is a list of other settings you should consider if you want to lock-down XCS on endpoints:
User
Interface settings - 'Assets' > 'Configuration
Templates' > 'Profiles' > Add profile section > 'UI
Settings'
-
Hide the CCC and XCS tray icons
-
Manage the visibility of other UI items
Antivirus settings - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'Antivirus'
-
Disable 'Show Antivirus alerts' *
-
Enable 'Do not show auto-scan alerts' *
-
Enable 'Automatically clean threats' (when you create a scheduled scan) *
-
Disable 'Show scan results' (when you create a scheduled scan)*
Firewall settings - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'Firewall'
-
Disable 'Show popup alerts' *
HIPS settings - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'HIPS'
-
Enable 'Do not show popup alerts' *
Containment settings - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'Containment'
-
Enable 'Do not show privilege elevations alerts' *
VirusScope settings - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'VirusScope'
-
Disable 'Show popup alerts' *
File rating Settings - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'File Rating'
-
Disable 'Show cloud alert' *
External device control - 'Assets' > 'Configuration Templates' > 'Profiles' > Add profile section > 'External Device Control'
-
Disable 'Show notifications when devices disabled or enabled' *
* This setting is already enforced in the 'Default' Windows profile that ships with Xcitium.