Policies

This page includes:

• Policies
  • About policies
  • Adding a new policy
  • Policy settings
  • Modifying a policy
  • Cloning a policy
  • Deleting a policy
  • Built-in policies

About policies

You assign a policy to endpoint users, and the policy then defines the behavior of the extension for those users. You can create multiple policies - each policy designed to meet the requirements of a different set of users. For example, you could assign one policy for developers in your organization, another policy for management personnel, and a third policy for secretaries.

You assign a policy to new endpoint users when they are created, and you can change the policy that is assigned to existing users. For details, see Managing Endpoint Users.

Customizable functionality of the ABS Browser Extension includes features such as:

• customized deployment of the Browser Extension

• web threat detection

• download file-scanning

• restricting access to specified web apps from protected browsers only

You use the Policies page in the Advanced Browser Security Console to create and configure policies. You can create multiple policies - each policy designed to meet the requirements of a different use-case scenario.

When Advanced Browser Security is enabled for your organization, three built-in policies are created. For details, see Built-in policies below.

Adding a new policy

You can create and maintain multiple policies.

To add a new policy:

1. In the Advanced Browser Security Console, open the Policies page.

   The list of existing policies is displayed.

2. Click Add new policy.

3. Enter a name for the new policy.

4. Configure the policy using the 4 available tabs. [See "Policy settings" below.]

5. Click Save.

Policy settings

Note: Changes that you make to the settings on this page typically take effect immediately, or after a few seconds.

Detection Settings

Detection Settings Lets you define various settings that affect the way that the browser extension detects malicious content in downloaded files and websites. For details, see Detection Settings.

Website Rules

Website Rules options Lets you define data loss prevention rules to help protect data in sensitive websites and web apps. For details, see Website Rules.

Conditional Access

Conditional Access options Lets you enforce that users access specific work-related web apps from protected browsers only - browsers that have the extension installed. For details, see Conditional Access Integration.

Custom Messages

Custom Messages Lets you define custom messages that will be displayed when a downloaded file or a website is blocked. For details, see Custom Messages.

Maximum: You can have a maximum of 1,000 policies.

Modifying a policy

You can modify the configuration of a policy.

To modify a policy:

1. Open the Policies page.

2. Locate and click the policy that you want to modify.

3. Make the required changes.

4. Click Save.

Cloning a policy

Admin users can clone a policy, and then modify the new policy as required. The new policy will have the same configuration as the policy that was cloned.

To clone a policy:

Open the Policies page.

1. Hover over a policy and then click the Clone policy icon [], or select a policy and then click Clone policy.

   

2. Specify a name for the cloned policy.

3. Modify the configuration of the policy, as required, and then click Save.

Deleting a policy

If a policy is no longer required, you can delete the policy.

To delete a policy:

1. Open the Policies page.

2. Select the policy or policies that you want to delete.

3. Click Delete policy or Delete x policies.

Built-in policies

When Advanced Browser Security is enabled for your organization, three built-in policies are created:

• Default Policy

• Disabled Policy

• Strict Policy

By default, the built-in policies have the settings shown in the table below: You can clone or modify any of the built-in policies.

Policy	Default Policy	Disabled Policy	Strict Policy
Detection settings
File detection mode	Silent	Disabled	Block (15 second timeout)
Website detection mode	Silent	Disabled	Block
File detection exclusions	On	N/A	Off
Monitor password reuse	Off	Disabled	On
Anti-tampering	Off	Disabled	On
Website rules
Category-based rules	None	None	Block the following categories: Adult Cryptomining Deceptive Illegal Content Malicious Parked Sites & Domains

See also: 

• Managing Advanced Browser Security