Frequently Asked Questions (FAQ)

Our internal researchers procure vulnerability information for Windows Operating systems and other Microsoft products from Microsoft's official security guidance page, and for different Linux distros from the official security advisories of the respective vendors. For third-party products, we obtain the vulnerability data from NVD and CVE details, and the respective vendors' official security advisory pages.

• For CVEs, support is provided within 24 hours of its disclosure.
• For zero-days, support is provided within 7 hours of its disclosure.

Our internal researchers procure information regarding security misconfigurations from recommendations in STIG and CIS, and also from respective vendor websites.

All the CIS benchmarks that are used for Endpoint Central's audits are arrived at from the official CIS website.

Any of the Windows computers in your network with the requirements mentioned here can be hosted as your Central server.

Currently, if the operating systems meet any of the following criteria, we consider them as server machines:

• If the operating systems' name contains the keyword "server"
• If the machine with Red Hat Enterprise Linux OS has a Server subscription
• If the machine has Oracle Linux OS

We recommend purchasing server licenses for any Linux machine when deploying them as servers within the organization.

Navigate to Agent --> Computers in the console interface. Create a filter for Operating System with tags "server" and "Oracle". The Red Hat Enterprise Linux OS server machines cannot be identified using the web console as its subscription has to be checked.

The free edition allows management of any number of servers, as long as the total number of endpoints does not exceed 25.

Under software vulnerabilities, patches are displayed as a resolution to fix a known threat or vulnerability.

Common Vulnerability Scoring System (CVSS v3.0) is used to assess the severity of vulnerabilities based upon the ease of exploit and the approximated potential of impact. Scores range between 1 and 10 with 10 being most severe. Additionally patches can be looked up using their CVE ID

We detect web and database server vulnerabilities by scanning listening ports and identifying the application and its version. Vulnerabilities are identified by comparing the detected version to the vulnerability database. For further clarification on vulnerability applicability, please contact the vendor.

For Endpoint Central and other ManageEngine products, we use CVE analysis data from our internal security experts to exclude non-applicable vulnerabilities and display only applicable ones. In the initial days after a CVE is released, vulnerabilities may be detected, but if our analysis determines they are not applicable, they will be removed in subsequent scans after a database sync.

You can track the status of deployed security configurations from Deployments> Security configurations and re-deploy the failed deployments from here.

You can filter the Security Misconfigurations on the basis of:

1. Misconfigurations: Misconfiguration Name, Category, Severity, Remediation Availability and Post Deployment Issue.

2. Systems: Computer Name, Platform, Domain Name, Branch Office, Custom Group, Operating System, Language and Agent Live Status.

You can filter the Web Server Misconfigurations on the basis of:

1. Misconfigurations: Misconfiguration Name, Category, Severity, Web Server Name and DB Server Name.

2. Systems: Computer Name, Platform, Domain Name, Branch Office, Custom Group, Operating System, Language and Agent Live Status.

The product currently supports security configuration management only for systems running on Windows OS

When a system is quarantined, it is isolated from the network to prevent potential security risks. Users will be notified, and administrators can take necessary actions to remediate compliance issues.

• For On Premises, patches will be downloaded from server as server to agent communication will there irrespective of the system quarantine status so patching process will happen in usual manner.
• For Cloud agents, patches will be downloaded directly from the vendor websites. If a system is quarantined, while downloading patches, the URL from which the patches need to be downloaded will be temporarily allowlisted. Once the patch is downloaded from that website, the URL will be automatically blocklisted by the quarantine policy.

Yes, once the compliance issues are addressed, administrators can lift the quarantine, allowing the system to resume normal operations.

Regular audits are recommended, with the frequency determined by organizational policies. Monthly or quarterly audits are common, but more frequent daily checks may be necessary for highly dynamic environments.

Absolutely! The policy is highly customizable to accommodate the unique requirements of your organization. Administrators can define rules tailored to specific compliance standards and security policies.

You can track the status of high-risk software uninstallation from Deployments> Software uninstallation.

Static group exclusion happens immediately, whereas for Dynamic groups, it reflects after the next scan.