Security Compliance determines whether agents and their parent domains in the agent tree have the same settings. The settings may not be consistent if you move any agents to another domain that is applying a different set of settings, or if any agent user with certain privileges manually configured settings on the Security Agent console.

Apex One verifies the following settings:

  • Scan Method

  • Manual Scan Settings

  • Real-time Scan Settings

  • Scheduled Scan Settings

  • Scan Now Settings

  • Privileges and Other Settings

  • Additional Service Settings

  • Web Reputation

  • Behavior Monitoring

  • Device Control

  • Spyware/Grayware Approved List

  • Data Loss Prevention Settings

  • Suspicious Connection

  • Trusted Program List

  • Sample Submission

  • Predictive Machine Learning

A non-compliant agent is counted at least twice in the Compliance Report.

  • In the Endpoints with Inconsistent Configuration Settings category

  • In the category for which the agent is non-compliant. For example, if the scan method settings in the agent and its parent domain are not consistent, the agent is counted in the Scan Method category. If more than one set of settings is inconsistent, the agent is counted in each category for which it is non-compliant.

To resolve the setting inconsistencies, apply domain settings to the agent.