This site is only for Avast Business products. For articles on AVG Business products, see AVG Business Help.

Global Policies in Business Hub

This Article Applies to:

  • Business Hub


Since December 16th, 2020, customers can use the Business Hub to create and manage policies across their entire network, and for specific sites or customers.

Main Benefits

  • Configure policies on a single page
  • Apply policies to all devices regardless of operating system
  • Create and manage exclusions in one place
  • Create site- or customer-specific exclusions when opening a Global Policy from the site's Policies tab
  • Utilize predefined settings for Workstations and Servers

What to Expect

Existing policies will have the following alterations to enable this shift:

  • Policies with settings for multiple operating systems will be separated into multiple policies based on the operating system
    • Example: If you have one policy with different settings for Windows Workstations, Windows Servers, and macOS, you will see three different policies. These policies will include the operating system type at the end for your reference.
  • Policy names will remain the same
  • All devices will be automatically assigned policies based on their operating system
    • Example: Windows Workstations that were using a policy with settings for Workstations, Servers, and macOS will be assigned to the policy for Workstations

Creating a New Global Policy

  1. Open the Hub
  2. Click the Policies tab
  3. Click + Policy
  4. Enter the name you would like to use for the policy
  5. If desired, enter a description for the policy
  6. Choose whether to base the new policy from a predetermined Avast policy or an existing policy, then make a selection in the drop-down menu
  7. Click Create

Configuring Your Policy

Once you have created a policy, you can edit the settings by clicking its name in the table. A drawer will open with five tabs, and a few buttons at the top. You can use these buttons to revert the policy to its original settings, or to duplicate it. If you want to delete your policy, you can do so by clicking the three dots and selecting Delete Policy.


This tab provides some brief details about the policy. You can edit the description by clicking the pencil icon. You can also see when the policy was created and last updated.

General Settings

  • General Settings: Using the toggles, enable or disable Password Protection, Silent Mode, Reputation Services, Debug Logging, Avast Tray Icon, and Scan of External Drives. You can also choose which version of Essential/Premium/Ultimate Business Security the assigned devices will use by typing either a version number, "latest", or "stable" in the Version Switch section.
  • Updates: Select either Automatic or Manual updates for your Virus definitions and Program (see Configuring Virus Definitions and Antivirus Updates). If needed, you can configure the settings for a proxy to be used during updates (see Configuring Proxy Settings for Devices).
  • Troubleshooting: Using the toggles, enable or disable Anti-rootkit Monitor, Avast Self-defense Module, Limited Program Access for Guest Accounts, and Hardware-assisted Virtualization. You can also enter the details for your mail ports.
  • Restart Options: Select when to restart endpoint devices between only when needed by the Antivirus or Patch Management service, automatically, when user logs off, or not at all. For more information on these options, see Configuring Restarts.

Service Settings


  • General Settings: Enable or disable CyberCapture and Hardened mode
  • Antivirus Scans: Set the frequency and schedule for Quick and Full System Antivirus Scans. For more information, see Device Scanning Tasks
  • Antivirus Protection: Enable, disable, and configure settings for the main protection components
  • Data Protection: Enable, disable, and configure settings for this category of components
  • Identity Protection: Enable, disable, and configure settings for this category of components

For more information on these components, see Component Overview. You can access the settings for a configurable component by clicking the drop-down arrow beside its name.

Patch Management

  • Patch Scans and Deployments: Set the frequency of scans for missing patches, and whether or not to deploy missing patches immediately, on a specific schedule, or manually
  • Other Settings: Select when to clear the local patch files on the end device

For more information on Patch Management's various settings, see Patch Management in Avast Business Hub.


  • Networks: Select the firewall profiles for undefined network connections, and define networks
  • Firewall rules: Set the various System, Application, and Advanced Packet rules
  • Advanced: Enable or disable Leak Protection, Port Scan Alerts, and ARP Spoofing Alerts

For more information, see the articles in the Firewall section of Configuring Settings and Policies in Avast Business Hub.


The link in the VPN section will send you to the Devices page, where you can enable or disable VPN connections for each of your devices.

For more information, see the VPN article.

USB Protection

  • Access to removable storage devices: Allow or block access to connected devices with storage capabilities

For more information, see the USB Protection article.

Cloud Backup

  • What to backup: Define folders and content to be backed up (All files or Only specified file types)
  • Specify file types: In case of backing up only certain types of files, select them here
    • Skip files based on file size: Exclude the files whose size exceeds a defined lower or upper limit from the backup
  • Exceptions: Click on the provided link to the Exclusions tab to define the folders and file types to be excluded from the backup
  • Schedule: Define the frequency of backups
  • Retention: Choose how long the backed up data will be stored before being deleted

For more information, see the Cloud Backup in Avast Business Hub section.


  • Antivirus exclusions: Enter exclusion paths to be excluded from either All scans and shields, or specific Shields (for more information, see Configuring Antivirus Exclusions)
  • Patch Management exclusions: Enter exclusions for selected patch vendors and severities (for more information, see Patch Exclusions)
  • Cloud Backup exclusions: Enter backup exclusions for selected folders and file types
  • USB Protection exclusions: Specify removable devices to be excluded from USB Protection

Creating Site-specific Exclusions

  1. Select the site from the drop-down menu in the top-left
  2. Click the Policies tab
  3. Select the name of the Global Policy from the list
    1. Ensure the site can access the Global Policy by assigning it (see below).
  4. Navigate to Exclusions ▸ Antivirus Exclusions
  5. Enter the site-specific exclusion(s) in the desired tab
  6. Click Save


Click + Assign to sites to enable specific sites to use the Global Policy. You can also remove sites from the assignment list using the check boxes and clicking Unassign policy.

Once you have made changes to the policy, click Save at the bottom right of the drawer.