Global Policies in the Hub

This Article Applies to:

  • Business Hub
  • Avast Business Cloud Console

Starting December 16th, 2020, customers using the Beta Business Hub will be able to create and manage policies across their entire network, and for specific sites or customers.

As a result of this change, any customers with the standalone Avast Business Cloud Console will only be able to edit their policies via the Hub.

Main Benefits

  • Configure policies on a single page
  • Apply policies to all devices regardless of operating system
  • Create and manage exclusions in one place
  • Create site- or customer-specific exclusions when opening a Global Policy from the site's Policies tab
  • Utilize predefined settings for Workstations and Servers

What to Expect

Existing policies will have the following alterations to enable this shift:

  • Policies with settings for multiple operating systems will be separated into multiple policies based on the operating system
    • Example: If you have one policy with different settings for Windows Workstations, Windows Servers, and MacOS X, you will see three different policies. These policies will include the operating system type at the end for your reference.
  • Policy names will remain the same
  • All devices will be automatically assigned policies based on their operating system
    • Example: Windows Workstations that were using a policy with settings for Workstations, Servers, and MacOS X will be assigned to the policy for Workstations

Creating a New Global Policy

  1. Open the Hub
  2. Click the Policies tab
  3. Click + Policy
  4. Enter the name you would like to use for the policy
  5. If desired, enter a description for the policy
  6. Choose whether to base the new policy from a predetermined Avast policy or an existing policy, then make a selection in the drop-down menu
  7. Click Create

Configuring Your Policy

Once you have created a policy, you can edit the settings by clicking its name in the table. A drawer will open with five tabs, and a few buttons at the top. You can use these buttons to revert the policy to its original settings, or to duplicate it. If you want to delete your policy, you can do so by clicking the three dots and selecting Delete Policy.

Overview

This tab provides some brief details about the policy. You can edit the description by clicking the pencil icon. You can also see when the policy was created and last updated.

General Settings

  • General Settings: using the toggles, enable or disable Password Protection, Silent Mode, Reputation Services, Debug Logging, Avast Tray Icon, and Scan of External Drives. You can also choose which version of Avast Business Antivirus the assigned devices will use by typing either a version number, "latest", or "stable" in the Version Switch section.
  • Updates: select either Automatic or Manual updates for your Virus definitions and Program (see Configuring Virus Definition and Antivirus Updates). If needed, you can configure the settings for a proxy to be used during updates (see Configuring Proxy Settings for Devices).
  • Troubleshooting: using the toggles, enable or disable Anti-rootkit Monitor, Avast Self-defense Module, Limited Program Access for Guest Accounts, and Hardware-assisted Virtualization. You can also enter the details for your mail ports.
  • Restart Options: select when to restart endpoint devices between only when needed by the Antivirus or Patch Management service, automatically, when user logs off, or not at all. For more information on these options, see Configuring Restarts and Cache Clearance.

Service Settings

Antivirus

  • General Settings: enable or disable CyberCapture and Hardened mode
  • Antivirus Scans: set the frequency and schedule for Quick and Full System Antivirus Scans. For more information, see Device Scanning Tasks
  • Antivirus Protection: enable, disable, and configure settings for the main protection components
  • Data Protection: enable, disable, and configure settings for this category of components
  • Identity Protection: enable, disable, and configure settings for this category of components

For more information on these components, see Component Overview. You can access the settings for configurable components by clicking the drop-down arrow beside its name.

Patch Management

  • Patch Scans and Deployments: set the frequency of scans for missing patches, and whether or not to deploy missing patches immediately, on a specific schedule, or manually
  • Other Settings: select when to clear the local patch files on the end device

For more information on Patch Management's various settings, see Patch Management in the Business Hub and Avast Business Cloud Console.

Firewall

  • Firewall settings ▸ Networks: select the firewall profiles for undefined network connections, and define networks
  • Firewall rules: set the various System, Application, and Advanced Packet rules

For more information, see the articles in the Firewall section of Configuring Settings and Policies in the Business Hub and Avast Business Management Consoles.

Exclusions

Creating Site-specific Exclusions

  1. Select the site from the drop-down menu in the top-left
  2. Click the Policies tab
  3. Select the name of the Global Policy from the list
    1. Ensure the site can access the Global Policy by assigning it (see below).
  4. Navigate to Exclusions ▸ Antivirus Exclusions
  5. Enter the site-specific exclusion(s) in the desired tab
  6. Click Save

Assignments

Click + Assign to sites to enable specific sites to use the Global Policy. You can also remove sites from the assignment list using the check boxes and clicking Unassign policy.

Once you have made changes to the policy, click Save at the bottom-right of the drawer.