Security page of the SV Control Panel

2024-12-18Last updated

Use the Security page to modify user passwords, choose the communication mode between the CylancePROTECT Agent and Genetec™, and apply hardening profiles and system security settings to your Streamvault™ appliance.

The Security page of the Streamvault Control Panel.

Password settings

Use the Credentials section of the Security page to change user account passwords for your Streamvault appliance.

Note: Different password options are available to the current user on both a main and expansion server. On an expansion server, the admin can only change the Windows passwords, not the passwords of the Security Center applications.
Define a password for each user type:
Security Center (Admin user)
The admin user's password for Security Desk, Config Tool, and Genetec™ Update Service.
Server Admin
The password for the Genetec™ Server Admin application.
Windows operator
Click Modify password to change the operator's password for Windows.

Antivirus settings

Use the AI antivirus section to choose the mode in which the CylancePROTECT Agent communicates with Genetec.

CylancePROTECT is the AI-powered antivirus software used for threat protection and detection.

You can choose from the following operation modes:

Online (recommended)
When online, the CylancePROTECT Agent communicates with Genetec to report new threats, update its agent, and send data to help improve its mathematical models. This option offers the highest level of protection.
Disconnected
The disconnected mode is for an appliance without an internet connection. In this mode, CylancePROTECT cannot connect or send information to Genetec management services in the cloud. Your appliance is protected against most threats. Maintenance and updates are available through the Genetec™ Update Service (GUS).
Turn off
Select this mode to permanently uninstall CylancePROTECT from your appliance. Your appliance will use Microsoft Defender for threat protection and detection. We do not recommend turning off CylancePROTECT if the appliance cannot receive virus definition updates for Microsoft Defender.
CAUTION: Switching between options may require a computer reboot, causing downtime for the system.

Click Enable quarantine management to add Threat Management to the right-click menu of the Cylance icon in the Windows taskbar. This option allows you to delete quarantined items. Logging and Run Protect Detection are also added to the right-click menu. These options allow you to access logs and trigger scans, respectively.

Logging, Run Protection Detection, and Threat Management options added to the right-click menu of the Cylance icon in the Windows taskbar.

Hardening settings

Use the Hardening section to choose a hardening profile and set system security settings for your Streamvault appliance.

Note: The hardening profiles are available only on appliances that have the Streamvault service. For more information, see About the Streamvault service.

There are four predefined hardening profiles:

Microsoft (only)
This hardening profile applies Microsoft security baselines to your system. Microsoft security baselines are a group of Microsoft-recommended configuration settings that are based on feedback from Microsoft security engineering teams, product groups, partners, and customers.
Microsoft with CIS Level 1
This hardening profile applies Microsoft security baselines and the Center for Internet Security (CIS) Level 1 (CIS L1) profile to your system. The CIS L1 provides essential security requirements that can be implemented on any system with little or no performance impact or reduced functionality.
Microsoft with CIS Level 2
This hardening profile applies Microsoft security baselines and the CIS L1 and Level 2 (L2) profiles to your system. The CIS L2 profile offers the highest level of security and is intended for organizations where security is of utmost importance.
Note: The strict security that this hardening profile brings can reduce system functionality and make remote server management more difficult.
Microsoft with STIG
This hardening profile applies Microsoft security baselines and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) to your system. DISA STIGs are based on National Institute of Standards and Technology (NIST) standards and provide advanced security protection for Windows systems for the U.S. Department of Defense.
Note: By default, all appliances are shipped with the Microsoft with CIS Level 2 hardening profile applied.

When a new version of your selected hardening profile is available, a Click here to update button appears. Click the button to apply the update.

SV Control Panel - Hardening section showing the Click here to update button to update the hardening profile.

In addition to the hardening profiles, the following system security settings can be set:

Remote Desktop service
Allow people in your network to log on to the appliance by using a Remote Desktop application. To prevent malicious software from affecting the device, this option has been turned off by default.
Remote management
Enable remote support for Microsoft management tools such as Windows Admin Center, Microsoft Server Manager, and Remote PowerShell.
File sharing service
Allow people in your network to share files and folders that are on the appliance. To prevent malicious software from affecting the device, this option has been turned off by default.
Never lock screen
If this option is turned on, Windows will keep a user logged in, even after 15 minutes of inactivity.
Removable storage access
Enable access to a connected USB key or USB hard disk from Windows.
Note: Users with administrative privileges automatically have removable storage access.