HIP Objects

HIP objects allow you to configure compliance criteria for endpoint devices and can be used as conditions in security policies.

Note: After connecting to NGFW, an endpoint device will send telemetry at 1-minute intervals.

Note: To specify certain conditions, a licensed Security Updates module is required that enables downloading library updates.

To add an object, provide these settings:

Name

Description

Name

The name of the HIP object.

Description

(Optional) description of the HIP object.

OS version

The version of the operating system on the user device.

When using the = and != operators, specify the full version of Windows.

UserGate client version

The version of the UserGate client software.

Connection security

Endpoint security component statuses:

  • Firewall;

  • Antimalware;

  • Automatic Update;

  • BitLocker.

Important! BitLocker is considered enabled if it is enabled on at least one of the disks.

Products

Conformance check of the software installed on the endpoint:

  • Antimalware. Conformance check of the antimalware software on the user device:

    • Enabled: check the software status

    • Antimalware database updated: check whether the database is up to date (yes, no, or do not check)

    • Version: the version of the software

    • Vendor: the device vendor and product name.

  • Firewall. Conformance check of the firewall on the device. You need to specify the following parameters:

    • Installed: check if the software is installed

    • Enabled: check the software status (yes, no, or do not check)

    • Version: the version of the software

    • Vendor: the device vendor and product name

  • Backup. Conformance check of the backup software:

    • Installed: check if the software is installed

    • Version: the version of the software

    • Vendor: the device vendor and product name.

  • Disk encryption. Conformance check of disk encryption programs installed on the endpoint:

    • Installed: check if the software is installed

    • Version: the version of the software

    • Vendor: the device vendor and product name.

  • DLP. Conformance check of the data leak protection system on the device:

    • Installed: check if the software is installed

    • Version: the version of the software

    • Vendor: the device vendor and product name.

  • Update management. Check for current updates:

    • Installed: check if the software is installed

    • Version: the version of the software

    • Vendor: the device vendor and product name.

Processes

Check the processes running on the device.

Running services

Check the services running on the device.

Registry keys

Check Microsoft Windows registry keys. The registry is where OS settings and parameters are stored.

The following types of registry values are supported:

  • REG_SZ: a null-terminated Unicode or ANSI string

  • REG_BINARY: binary data of any form

  • REG_DWORD: a 32-bit number

The following registry keys can be checked:

  • HKEY_LOCAL_MACHINE

  • HKEY_USERS

Important! The path specification begins with a backslash (\), such as \HKEY_LOCAL_MACHINE, followed by the full registry path with backslash (\) used as the separator.

For a description of the various registry keys, refer to the Microsoft documentation (https://docs.microsoft.com/en-us/troubleshoot/developer/webapps/iis/general/use-registry-keys).
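
The registry path rule above, as an added example (not UserGate code): a Python pre-check that rewrites a path copied from PowerShell or regedit into the documented form and rejects root keys and value types the page does not list. The function names, the accepted HKLM/HKU short forms, and the sample paths are assumptions made for this illustration.

```python
# Added illustration; names and sample data are assumptions, not product code.
ROOTS = {  # root keys the page lists, plus the standard Windows short forms
    "HKEY_LOCAL_MACHINE": "HKEY_LOCAL_MACHINE", "HKLM": "HKEY_LOCAL_MACHINE",
    "HKEY_USERS": "HKEY_USERS", "HKU": "HKEY_USERS",
}
VALUE_TYPES = {"REG_SZ", "REG_BINARY", "REG_DWORD"}


def normalize_hip_registry_path(raw):
    """Return the path with a leading backslash, the full root key name and
    backslash separators. Raise ValueError for an unsupported root key."""
    # Only "\" separates keys; "/" is legal inside a key name, so keep it.
    parts = [p for p in raw.strip().split("\\") if p]
    if not parts:
        raise ValueError("empty registry path")
    root = parts[0].rstrip(":").upper()  # also accepts the PowerShell form HKLM:
    if root not in ROOTS:
        raise ValueError(f"root key {parts[0]!r} is not in the supported list")
    return "\\" + "\\".join([ROOTS[root]] + parts[1:])


def check_registry_value(value_type, value):
    """Raise ValueError if the type is unlisted or the value cannot fit it."""
    if value_type not in VALUE_TYPES:
        raise ValueError(f"unsupported registry value type: {value_type}")
    if value_type == "REG_DWORD":
        ok = (isinstance(value, int) and not isinstance(value, bool)
              and 0 <= value <= 0xFFFFFFFF)  # unsigned 32-bit range
    elif value_type == "REG_SZ":
        ok = isinstance(value, str) and "\x00" not in value
    else:  # REG_BINARY
        ok = isinstance(value, (bytes, bytearray))
    if not ok:
        raise ValueError(f"value {value!r} does not fit {value_type}")


if __name__ == "__main__":
    # Constructed sample conditions: (path, value type, expected value).
    samples = [
        (r"HKLM:\SOFTWARE\ExampleVendor\Agent", "REG_DWORD", 1),
        (r"\HKEY_USERS\.DEFAULT\Software\ExampleVendor", "REG_SZ", "on"),
        (r"HKEY_CURRENT_USER\Software\ExampleVendor", "REG_SZ", "on"),
    ]
    for path, vtype, value in samples:
        try:
            check_registry_value(vtype, value)
            print("OK  ", normalize_hip_registry_path(path))
        except ValueError as err:
            print("SKIP", path, "->", err)
```
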

Installed updates

Check that a specific update is installed on the device. The Microsoft Knowledge Base (KB) article number must be specified, e.g., KB5013624.