Hardware reference guide
GlobalProtect Administrator’s Guide 131
Use Host Information in Policy Enforcement About Host Information
You can also exclude certain categories of information from being collected on certain hosts (to save CPU cycles
and improve client response time). To do this, you create a client configuration on the portal excluding the
categories you are not interested in. For example, if you do not plan to create policy based on whether or not
client systems run disk backup software, you can exclude that category and the agent will not collect any
information about disk backup.
Mobile Devices
Identifying information about the mobile device, including the hostname, operating
system, and client version.
Patch Management
Information about any patch management software that is enabled and/or installed
on the host and whether there are any missing patches.
Firewall
Information about any client firewalls that are installed and/or enabled on the host.
Antivirus
Information about any antivirus software that is enabled and/or installed on the
host, whether or not real-time protection is enabled, the virus definition version,
last scan time, the vendor and product name.
Anti-Spyware
Information about any anti-spyware software that is enabled and/or installed on the
host, whether or not real-time protection is enabled, the virus definition version,
last scan time, the vendor and product name.
Disk Backup
Information about whether disk backup software is installed, the last backup time,
and the vendor and product name of the software.
Disk Encryption
Information about whether disk encryption software is installed, which drives
and/or paths are configured for encryption, and the vendor and product name of
the software.
Data Loss Prevention
Information about whether data loss prevention (DLP) software is installed and/or
enabled for the prevention sensitive corporate information from leaving the
corporate network or from being stored on a potentially insecure device. This
information is only collected from Windows clients.
Mobile Devices
Identifying information about the mobile device, such as the model number, phone
number, serial number and International Mobile Equipment Identity (IMEI)
number. In addition, the agent collects information about specific settings on the
device, such as whether or not a passcode is set, whether the device is jailbroken,
and even if it contains apps that are known to have malware (Android devices only),
and, optionally, the GPS location of the device. Note that for iOS devices, some
information is collected by the GlobalProtect app and some information is
reported directly by the operating system. If you are using the GlobalProtect Mobile
Security Manager, it collects extended HIP information from enrolled mobile
devices and shares it with the gateways for use in policy enforcement. See Enable
Gateway Access to the Mobile Security Manager for details.
Category Data Collected