Creating deployments

Use deployments to deploy engines and JREs to endpoints on a schedule. You must have the Comply Deployment Administrator role to create deployments. For more information about Comply roles, see User role requirements.

Create a deployment

  1. From the Comply menu, go to Setup > Deployments.
  2. On the Manage Deployments page, click Create Deployment.

  3. In the Details section, provide a Name.
  4. Select Computer Groups you want to target with the deployment. You can select multiple computer groups in this field.
  5. Select a Platform for the deployment.
  6. Select the Architecture for the deployment.
  7. Select one or more Scan Engines.

    If you select CIS-CAT or Tanium Scan Engine (powered by JovalCM), you must select a Java Runtime option.

    The Preview section shows the defined deployment criteria.

  8. If needed, add Advanced Settings.

    Consult with your TAM before adding or changing any Advanced Settings.

  9. In the Schedule section, set the schedule for the deployment:
    1. (Optional) Select Start on and End on and complete the date and time values to limit the report to run only during a specific time period.

      The date and time displayed by default is the local browser time. For details on how this time is used to deploy the scheduled action, see Tanium Console User Guide: Deploying actions (Step 5).

    2. (Optional) Select the Distribute over option and enter values to run the report over minutes or hours. For more information on deploying actions, see Tanium Console User Guide: Deploying actions (Step 5).
    3. In the Repeat section, select Interval, Using Policy Saved Action, or Never.
      • Select Interval to specify how often the deployment runs. The Reissue every field displays, and you can set the schedule.
      • Select Using Policy Saved Action to use a saved question to determine whether any endpoints require the deployment. The action runs only if applicable endpoints are found.
      • If you do not want the deployment to run again, select Never.
  10. Click Create & Deploy. The Action progress and Installation status display for your deployment.

You might receive one of the following errors if deployments do not run as expected:

Some machines included in this deployment cannot be deployed to. — Ensure that targeted endpoints have enough disk space to accommodate deployments.

Some machines included in this deployment don’t have the system utilities required to complete a scan. — Linux/macOS endpoints do not have the Unix utilities installed that Comply requires to work correctly.

Use JRE encryption

Use JRE encryption to encrypt the ZIP file that contains the JRE on the endpoint, which prevents access to the JRE. When you use JRE encryption, reports that require the JRE distribute a key file to decrypt the JRE. After the report runs, the key file and the decrypted JRE are removed. The encrypted JRE remains and is used the next time it is required.

This option is enabled by default.

  1. Complete all of the fields in the Create Deployment window and select Deploy JRE in the Java Runtime section.
  2. Select Encrypt JRE.
  3. Click Create & Deploy. On the Reports page, any report with an encrypted JRE will show a lock next to that engine.

If a JRE encryption key is lost or overwritten, you can recreate the JRE encryption key. See Recreate JRE encryption key.