How to update an agent policy
  • 01 Feb 2022

Article Summary

Agent policies specify the Elastic Endpoint Security agent's behavior on each associated machine. 

These policies allow for more granular control of each of the following:

  • Malware protection
    • Enable / Disable protection
    • Enable / Disable user notifications
      • Customize notification contents
  • Ransomware protection
    • Enable / Disable protection
    • Enable / Disable user notifications
      • Customize notification contents
  • Memory threat protection
    • Enable / Disable protection
    • Enable / Disable user notifications
      • Customize notification contents
  • Malicious behavior protection
    • Enable / Disable protection
    • Enable / Disable user notifications
      • Customize notification contents
  • Event collection
    • Enable / Disable event collection on Windows
    • Enable / Disable event collection on macOS
      • File
      • Process
      • Network
    • Enable / Disable event collection on Linux
      • File
      • Process
      • Network
  • Elastic Endpoint Security integration with Windows Security
    • Enable / Disable registration (disables Windows Defender)

Process

  1. Log in to Elastic Endpoint Security. If you need assistance with this, please refer to How to access Elastic Endpoint Security.
  2. Open the sidebar by clicking on the menu button
  3. Navigate to Fleet under Management
  4. On the Fleet page, select the Agent policies tab
  5. Locate the policy that you would like to adjust. From this page, you are also able to create new policies, as well as duplicate existing policies. Duplication can be helpful if you would like to create a new category of protection that deviates slightly from a current protection policy. In this case, we're adjusting the policy named Protection, but it is important to note that the policy you need to change might have a different name.
  6. On the policy Integrations page, select the Endpoint Security integration.
  7. The Edit Endpoint Security Integration page allows you to adjust the behavior of the Endpoint Security agent on each machine associated with the Agent policy.
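
A policy edit applies to every machine associated with the policy, so it helps to compare the settings before and after saving. The following is an added example, not part of the original article or Elastic's tooling: it diffs two policy snapshots and marks every switch that went from on to off. The snapshot layout and key names are assumptions that mirror the settings listed above, not Elastic's export schema.

```python
import copy

# Constructed policy snapshot; key names mirror the settings listed in this
# article and are assumptions, not Elastic's export schema.
BEFORE = {
    "malware": {"protection": True, "notify_user": True, "message": ""},
    "ransomware": {"protection": True, "notify_user": True, "message": ""},
    "memory_threat": {"protection": True, "notify_user": True, "message": ""},
    "malicious_behavior": {"protection": True, "notify_user": True, "message": ""},
    "events": {
        "windows": True,
        "macos": {"file": True, "process": True, "network": True},
        "linux": {"file": True, "process": True, "network": True},
    },
    "windows_security": {"registration": True},
}

def flatten(node, prefix=""):
    """Turn the nested policy into {"a.b.c": value} pairs."""
    if not isinstance(node, dict):
        return {prefix: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{prefix}.{key}" if prefix else key))
    return flat

def review_change(before, after):
    """Return (path, old, new, verdict) per differing setting; on-to-off switches get 'switched_off'."""
    old, new = flatten(before), flatten(after)
    findings = []
    for path in sorted(old.keys() | new.keys()):
        o, n = old.get(path), new.get(path)
        if o == n:
            continue
        verdict = "switched_off" if o is True and n is not True else "changed"
        findings.append((path, o, n, verdict))
    return findings

def sample_after():
    """Constructed edit: two switches turned off and one notification text changed."""
    after = copy.deepcopy(BEFORE)
    after["ransomware"]["protection"] = False
    after["events"]["linux"]["network"] = False
    after["malware"]["message"] = "Contact the help desk"
    return after

if __name__ == "__main__":
    for path, o, n, verdict in review_change(BEFORE, sample_after()):
        print(f"{verdict:12} {path}: {o!r} -> {n!r}")
```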


