9.1 All Security Conditions
The security monitoring feature allows administrators to set various security conditions. Clients that fail to meet these conditions can be blocked from the network or denied access through the gateway.
Administrators can predefine security conditions to simplify the creation of security policies. When setting a policy, they can directly select from predefined security condition categories.
Go to Security Monitoring → Security Conditions to open the security condition categories window and configure conditions.
Operation | Description |
New | Select Operation → New from the menu to create a new security condition. Enter a non-empty name and configure the required checks to complete the creation. |
Copy | Select an existing security condition, right-click and choose Copy, or use Operation → Copy from the menu to duplicate it as a new condition. |
Export | Select the Security Condition Category node in the left view. The right view displays all conditions. Select one or more conditions and click the icon on the toolbar to save them. Exported files are in XML format only. |
Import | Click the Import icon on the toolbar and select a previously exported XML file to import its security conditions. |
Available security checks include: antivirus software, software installation, program verification, system services, system patches, and other custom checks.
9.1.1 Security Condition Categories
Security condition categories distinguish between Windows, Mac, Linux, and domestic Xinchuang systems. They can be configured according to system type and specific requirements.
9.1.2 Antivirus Software Check
The antivirus check verifies the installation and status of antivirus software on client machines.
Settings:
Setting | Description |
Must Run Antivirus | Enable this option to activate antivirus checks. Only when it is selected can "Must Run at Least One of the Following Antivirus" and "Virus Database Up to Date" be edited and take effect. |
Must Run at Least One of the Following Antivirus | When the antivirus check is enabled. Unchecked: any installed antivirus satisfies the requirement. Checked: at least one antivirus selected from the list must be installed. If the list is empty or none are selected, any installed antivirus satisfies the requirement. |
Virus Database Up to Date | When the antivirus check is enabled. Unchecked: the virus database version is not verified. Checked: the virus database must be updated to the latest version to pass the check. |
Description | Enter text to display as a warning when a client fails the antivirus check. If Show Check Results is enabled in the security policy, the client will receive the check result along with this description. |
Adding Antivirus Software
The antivirus list is empty by default and must be manually populated by the administrator.
1. Click the Add button.
2. Enter the antivirus name manually (cannot be empty; wildcards are supported), or select from the dropdown list of available antivirus software.
3. Optionally, enter remarks.
4. Click OK to complete the addition.
9.1.3 Software Installation Check
The software installation check verifies the installation status of software on client machines.
The settings interface includes two lists:
- Must Install Software (the first list)
- Prohibited Software (the second list)
The specific settings are described as follows:
Setting | Description |
Must Install All of the Following Software | Select this option to require that all software in the "Must Install" list be installed to meet the check requirement. If the list is empty or no software is selected, no check is performed. |
Install Any of the Following Software | Select this option to require that at least one software in the "Must Install" list be installed to meet the check requirement. If the list is empty or no software is selected, no check is performed. |
Prohibited Software | All selected software in the "Prohibited" list must not be installed to meet the check requirement. If the list is empty or no software is selected, no check is performed. |
Description | Enter text to display as a warning when a client fails the software installation check. If Show Check Results is enabled in the security policy, the client will receive the check result along with this description. |
Adding Software to Lists
The Must Install and Prohibited software lists are empty by default and must be manually populated by the administrator. Both lists are added in the same way.
Click the Add button in the dialog to add software. There are two methods:
Add from Database
The database list displays software information collected by the server. Select the desired software directly, or use search filters to find and select specific software.
Manual Addition
If the required software is not in the database, it can be added manually. Click the Add button and enter the software's check attributes to complete the addition.
The software attribute settings are described as follows:
Attribute | Description |
Software Name | Enter the software name; wildcards are supported. This field cannot be empty. |
Company Name | Enter the software's company name; wildcards are supported. This field can be left empty, in which case the company name is not checked. |
Operator | Select an operator from the dropdown. This is only available if a software version is entered. If the version field is empty, the operator is cleared. |
Version | Enter the software version. Combined with the operator, it defines the matching condition (e.g., ==3.58.1204 means the software version must equal 3.58.1204). |
9.1.4 Program Check
The program check verifies the running status of programs on client machines.
The settings interface contains two lists:
- Must Run Programs (the first list)
- Prohibited Programs (the second list)
The specific settings are described as follows:
Setting | Description |
Must Run All of the Following Programs | Select this option to require that all programs in the "Must Run" list be running to meet the check requirement. If the list is empty or no programs are selected, no check is performed. |
Run Any of the Following Programs | Select this option to require that at least one program in the "Must Run" list be running to meet the check requirement. If the list is empty or no programs are selected, no check is performed. |
Prohibited Programs | All selected programs in the "Prohibited" list must not be running to meet the check requirement. If the list is empty or no programs are selected, no check is performed. |
Description | Enter text to display as a warning when a client fails the program check. If Show Check Results is enabled in the security policy, the client will receive the check result along with this description. |
Adding Programs to Lists
The Must Run and Prohibited program lists are empty by default and must be manually populated by the administrator. Both lists are added in the same way.
Click the Add button in the dialog to open the addition window. Enter the program's check attributes as described below.
The program attribute settings are described as follows:
Attribute | Description |
Program Name | Enter the program name; wildcards are supported. This field cannot be empty. |
Operator | Select an operator from the dropdown. This option is only available if a program version is entered. If the version field is empty, the operator is cleared. |
Program Version | Enter the program version. Combined with the operator, it defines the matching condition (e.g., ==3.58.1204 means the program version must equal 3.58.1204). |
Remarks | Optional notes; these are not used as matching criteria. |
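The list semantics described for the software installation and program checks (all or any of the required list, a prohibited list, wildcard names, operator plus version) can be modelled as below. This is an added illustration, not the product's own code. The `*`/`?` wildcard syntax, case-insensitive matching, the operators other than `==`, and numeric comparison of dotted versions are assumptions.

```python
import fnmatch
import operator
from dataclasses import dataclass

# Assumed operator set; the page itself only shows "==".
OPS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
       ">=": operator.ge, "<": operator.lt, "<=": operator.le}

@dataclass
class Rule:
    name: str              # wildcard pattern (assumed glob syntax: * and ?)
    op: str = ""           # stays empty when no version is entered
    version: str = ""
    selected: bool = True  # unselected entries are ignored

def vtuple(v):
    """'3.58.1204' -> (3, 58, 1204); trailing zeros dropped so 19.0 == 19."""
    parts = [int(p) for p in v.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def rule_matches(rule, inventory):
    """True if any inventory entry (name -> version) satisfies the rule."""
    for name, version in inventory.items():
        # Case-insensitive name match is an assumption of this model.
        if not fnmatch.fnmatchcase(name.lower(), rule.name.lower()):
            continue
        if not rule.version or OPS[rule.op](vtuple(version), vtuple(rule.version)):
            return True
    return False

def evaluate(inventory, must, prohibited, mode="all"):
    """Return (passed, reasons); mode 'all' or 'any' applies to the must list."""
    reasons = []
    must = [r for r in must if r.selected]
    if must:  # empty or fully unselected list: no check is performed
        hits = [rule_matches(r, inventory) for r in must]
        if not (all(hits) if mode == "all" else any(hits)):
            reasons.append("required item missing")
    for r in prohibited:
        if r.selected and rule_matches(r, inventory):
            reasons.append(f"prohibited item present: {r.name}")
    return (not reasons, reasons)

# Constructed sample inventory (name -> version), not real client data.
CLIENT = {"Endpoint Agent": "3.58.1204", "7-Zip (x64)": "19.0", "RemoteTool": "2.1"}
```

In this model a condition whose lists are empty or entirely unselected passes every client, matching the "no check is performed" rule above, so each deployed condition should be reviewed to confirm it has at least one selected entry.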
9.1.5 System Service Check
The system service check monitors the running status of services on client machines.
The settings interface contains two lists:
- Must Run Services (the first list)
- Prohibited Services (the second list)
The specific settings are described as follows:
Setting | Description |
Must Run All of the Following Services | Select this option to require that all services in the "Must Run" list be running to meet the check requirement. If the list is empty or no services are selected, no check is performed. |
Run Any of the Following Services | Select this option to require that at least one service in the "Must Run" list be running to meet the check requirement. If the list is empty or no services are selected, no check is performed. |
Prohibited Services | All selected services in the "Prohibited" list must not be running to meet the check requirement. If the list is empty or no services are selected, no check is performed. |
Description | Enter text to display as a warning when a client fails the system service check. If Show Check Results is enabled in the security policy, the client will receive the check result along with this description. |
Adding Services to Lists
The Must Run and Prohibited service lists are empty by default and must be manually populated by the administrator. Both lists are added in the same way.
1. Click the Add button to open the addition dialog.
2. Enter the system service name (cannot be empty; wildcards supported).
3. Optionally, enter remarks.
4. Click OK to complete the addition.
Note:
- When adding a service, enter the service name, not the display name.
9.1.6 System Patch Check
The system patch check verifies the installation status of system patches on client machines.
The specific settings are described as follows:
Setting | Description |
Check the Following System Patches | All selected patches in the system patch list must be installed to meet the check requirement. If the list is empty or no patches are selected, no check is performed. |
Description | Enter text to display as a warning when a client fails the system patch check. If Show Check Results is enabled in the security policy, the client will receive the check result along with this description. |
Adding System Patches to the List
The system patch list is empty by default and must be manually populated by the administrator.
Click the Add button in the dialog to open the addition window. There are two methods to add patches:
Add from Database
The database displays patch information collected by the server. Select the required patches directly, or use search filters to find and select specific patches.
Manual Addition
If the required patch is not in the database, it can be added manually. Click the Add button and enter the patch attributes.
The attribute settings are described as follows:
Attribute Setting | Description |
Patch ID | The patch ID must be entered as a positive integer. |
Name | The patch name, optional. |
Notes | Additional notes as needed; not used as a matching condition. |
9.1.7 Domain User Identity Check
The domain user identity check verifies whether the client machine is logged in with the specified domain user account.
Configuration items are described as follows:
Setting | Description |
Enable Domain User Identity Check | Enables the domain user identity check. Only when selected can the "Required Domain Users" and "Prohibited Domain Users" settings be edited and applied. |
Required Domain Users | Active only when the identity check is enabled. Cannot be empty. Default is *, meaning any domain user is allowed. Format: DomainName\Username. Wildcards are supported. The client must log in with one of the listed domain users to pass the check. |
Prohibited Domain Users | Active only when the identity check is enabled. Default is empty. Format: DomainName\Username. Wildcards are supported. The client passes the check only if the logged-in domain user is not listed here. |
Notes | Enter a message to display when the client fails the identity check. If "Show Detection Results" is enabled in the security policy, the client will see both the failure result and this message. |
9.1.8 Other Checks
Other checks verify conditions such as client files, registry entries, and similar system elements.
Detailed Settings Description:
Setting | Description |
Check Conditions | The client passes only if all selected conditions in the list are met. If the list is empty or no conditions are selected, no additional checks are performed. |
Notes | Enter a message to display when the client fails these checks. If "Show Detection Results" is enabled in the security policy, the client will see both the failure result and this message. |
Adding Other Check Conditions
The other check conditions list is empty by default and must be manually populated by the administrator.
Click the Add button to open the dialog. Select the type and operator, then enter the specific file name, registry key, or value. Click OK to complete the addition.
Type Settings Description:
Setting | Description |
File | Checks whether a specific file exists. Enter the full path. |
File Version | Checks a file along with its version. Enter the full path. |
Registry Key | Checks whether a specific registry key exists. |
Registry Value | Checks a registry key and its value for more precise verification. |
Note:
- The file path string for a condition can include predefined macros, such as:
  - "tmp" - temp folder (c:\windows\temp)
  - "win" - windows directory (c:\windows)
  - "sys" - system directory (c:\windows\system32)
  - "pf" - program files (c:\program files)
  - "sd" - system drive (c:\)
  - "cf" - common files (c:\program files\common files)