- Configuring Advanced Endpoint Analysis Scans
- Advanced Endpoint Analysis Policy Expression Reference
- Troubleshooting Advanced Endpoint Analysis scans
You can define and apply Advanced Endpoint Analysis scans as part of user pre-authentication checks and as an active monitor during user sessions with session policies. To configure a preauthentication scan, you first configure a profile, and then a policy. In the policy, you specify a profile, which defines the action to take when a logon request matches the policy. You bind the preauthentication policy globally, so that it checks all logon attempts.
To configure a session scan, you configure a policy and bind it globally. Configure a default policy to apply to all sessions. You can also configure one or more specific policies to override the default settings for sessions that match the policy.
For the structure and parameters used in Advanced Endpoint Analysis expressions, see the Advanced Endpoint Analysis Policy Expression Reference.