Malware Protection Rules
4.2 (EoS)
A malware protection rule prevents the execution of malware, often disguised as or embedded in non-malicious files, by using malware protection modules (MPMs) to target process behaviors that are commonly triggered by malware.

You can activate malware protection modules in all processes or enable protection of one or more protected processes in your organization.

The following table describes the malware protection modules:
Malware Protection Rules | Description |
---|---|
Child Process Protection | (Windows only) The Child Process Protection MPM prevents script-based attacks used to deliver malware such as ransomware by blocking known targeted processes from launching child processes commonly used to bypass traditional security approaches. For more information, see Configure Child Process Protection. |
Anti-Ransomware Protection | (Windows only) The Anti-Ransomware Protection MPM targets encryption-based activity associated with ransomware, with the ability to analyze and halt ransomware activity before any data loss occurs. For more information, see Configure Anti-Ransomware Protection. |
Gatekeeper Enhancement | (Mac only) The Gatekeeper Enhancement MPM is an enhancement of the macOS Gatekeeper functionality, which allows apps to run based on their digital signature. The MPM provides an additional layer of protection by extending Gatekeeper functionality to child processes to enforce the signature level of your choice. For more information, see Configure the Gatekeeper Enhancement MPM. |