Skip to main content

Enabling system guard

Use the information in this topic to enable system guard..

The System Guard feature is disabled by default. It is enabled before shipment as per the requirement of the end user.

XCC reset-to-default option also disables System Guard and clears the settings except snapshot history.

While enabling System Guard, the user is asked to confirm the settings, use the existing trusted snapshot, or capture inventory as a new trusted snapshot before turning on System Guard protection. Once it is turned on:

  • If the system power is off, System Guard starts to harvest the hardware inventory right away.

  • If the system power is on, System Guard compares the component inventory data with the trusted snapshot.

If the result of the comparison indicates a deviation from the trusted snapshot, XCC displays a warning Noncompliance due to hardware configuration mismatch. The details of the mismatch list each missing/changed/new hardware component with location/identifier/description attributes, compared with the trusted snapshot.

User can configure System Guard’s scope and action and decide which action to take when system becomes noncompliant via the Scope and Action panel.