Chapter 35 Endpoint Security

Table 161 Endpoint Security Object Commands

COMMAND

DESCRIPTION

windows-version {windows-

If you set windows as the operating system (using the os-typecommand), use this

2000 windows-xp

command to set the version of Windows.

windows-2003 windows-

 

2008 windows-vista

 

windows-7 windows-

 

2008r2}

 

matching-criteria {any

Select whether the user’s computer has to match just one of the endpoint security

all}

object’s checking criteria or all of them.

list signature {anti-

Displays all the anti-virus software packages, personal firewall software packages or

virus personal-firewall

EPS signature information respectively.

status}

The status command displays the EPS signature version, release date and the total

 

 

number of software packages for which the ZyWALL’s endpoint security can check.

 

 

[no] windows-auto-update

If you set windows as the operating system (using the os-typecommand), you can

{enable disable

use enable with this command if the user’s computer must have the Windows Auto

ignore}

Update feature installed and activated; use disable if the Windows Auto Update

 

feature must be installed but deactivated; use ignore if the Windows Auto Update

 

feature must be installed but does not matter if it is activated or not.

 

The no command does not check the Windows Auto Update feature.

[no] windows-service-pack

If you set windows as the operating system (using the os-typecommand), you can

<1..10>

enter the minimum Windows service pack number the user’s computer must have

 

installed. The user’s computer must have this service pack or higher. For example, “2”

 

means service pack 2. The no command means to have the ZyWALL ignore the

 

Windows service pack number.

[no] windows-security-

If you set windows as the operating system (using the os-typecommand), you can

patch security_patch

use this command to set a Windows security patch that the user’s computer must

 

have installed. If you want to enter multiple security patches, use this command for

 

each of them.

 

The user’s computer must have all of the set Windows security patches installed to

 

pass the checking item.

 

 

[no] windows-registry

If you set windows as the operating system (using the os-typecommand), you can

registry_key {eq gt lt

use this command to set a Windows registry value to check on the user’s computer. If

ge le neq}

you want to enter multiple registry values, use this command for each of them.

registry_value

Set whether the value for the registry item in the user’s computer has to be equal to

 

 

(eq), greater than (gt), less than (lt), greater than or equal to (ge), less than or

 

equal to (le), or not equal to (neq) the value specified.

 

The user’s computer must pass all of the set Windows registry value checks to pass

 

the checking item.

 

 

show eps profile

Displays the settings of all or the specified endpoint security object.

[profile_name]

 

show eps profile profile_name

Displays Anti-Virus or personal firewall signatures that have been added to the

signature {anti-virus

specified endpoint security object.

personal-firewall}

 

show eps signature {anti-virus

Displays all the anti-virus software packages, personal firewall software packages or

personal-firewall status}

EPS signature information respectively.

 

The status command displays the EPS signature version, release date and the total

 

number of software packages for which the ZyWALL’s endpoint security can check.

 

 

show eps warning-message

Shows the warning messages displayed when a network client’s computer fails an

{windows-auto-update

EPS check.

windows-security-patch anti-

 

virus personal-firewall

 

windows-registry process

 

file-path}

 

272

 

ZyWALL (ZLD) CLI Reference Guide