Default Protection Policy
4.2 (EoS)
The Endpoint Security Manager is preconfigured with a default security policy that contains a curated set of Malware Protection Rules and Exploit Protection Rules. This default security policy automatically protects your endpoints from common software vulnerabilities, exploits, and malware techniques without requiring additional configuration.
The following table describes the protection modules and the default configuration provided in content update version 13. When configuring new rules, you can override the settings to meet the requirements of your organization's security policy.
Module | OS | Enabled by Default? | Mode | User Alert |
---|---|---|---|---|
Malware Protection Modules | | | | |
Child Process Protection | Windows | | Prevention | On |
Gatekeeper Enhancement | Mac | | Prevention | On |
Anti-Ransomware Protection | Windows | | Prevention | On |
Exploit Protection Modules | | | | |
Brute Force Protection | Linux | | Prevention | — |
CPL Protection | Windows | | Prevention | On |
DEP | Windows | | Prevention | On |
DLL Security | Windows | | Prevention | On |
DLL-Hijacking Protection | Windows | — | Prevention | On |
Dylib-Hijacking Protection | Mac | — | Prevention | On |
Exception Heap Spray Check | Windows | — | Prevention | On |
Exploit Kit Fingerprinting Protection | Windows | | Prevention | On |
Font Protection | Windows | | Prevention | On |
Hot Patch Protection | Windows | — | Prevention | On |
JIT Mitigation | Windows and Mac | | Prevention | On |
Kernel APC Protection | Windows | | Prevention | Off |
Kernel Privilege Escalation Protection | Windows, Mac, Linux | | Prevention | On (Windows and Mac only) |
Library Preallocation | Windows | — | Prevention | On |
Memory Limit Heap Spray Check | Windows | — | Prevention | On |
Null Dereference Protection | Windows | | Prevention | On |
ROP Mitigation | Windows, Mac, Linux | | Prevention | On (Windows and Mac only) |
SEH Protection | Windows | | Prevention | On |
Shellcode Preallocation | Windows | | Prevention | On |
Shellcode Protection | Linux | | Prevention | — |
ShellLink Protection | Windows | | Prevention | On |
SysExit | Windows | — | Prevention | On |
UASLR | Windows | | Prevention | On |