Disable or Enable All Protection Rules
If the endpoint protection security policy is causing issues for endpoints in your organization, you can quickly disable all active policy rules including the default policy rules. Disabling protection effectively removes all restrictions and halts the following tasks:
- Traps injection into all processes that run in the future
- Validation against WildFire
- Further data collection
Modifying security policy rules while all protection is disabled has no effect until protection is re-enabled.
After disabling protection and resolving the issues, you can restore all the policy rules at the same time by enabling all protection. (Enabling protection does not activate rules that were previously deactivated.)
In a scenario where you need to disable only a single rule or small group of rules, you can individually select and deactivate those rules from the rule management page specific to that rule type.
- From the ESM Console, select any rule management page, such as PoliciesMalwareRestrictions.
- Do either of the following:
- To disable protection, click Disable All Protection. The ESM disables all rules and sends the updated security policy to the endpoints at the next heartbeat communication with the Traps agents.
- To enable protection, click Enable All Protection. The ESM re-enables all rules and sends the updated endpoint protection security policy to the endpoints at the next heartbeat communication with the Traps agents.
Policy Rule Types
Policy Rule Types A complete endpoint security policy comprises policies that target specific methods of protection. The rules that make up each of these policies ...
Manage Protection Settings on the Endpoint Using Cytool
Manage Protection Settings on the Endpoint Using Cytool By default, Traps protects core processes, registry keys, Traps files, and Traps services according to the service ...
Traps Agent Settings Rules
Traps Agent Settings Rules Agent settings rules enable you to change preferences related to Traps from a central location. From the Settings Agent Settings page, ...
Common Rule Components and Actions
Common Rule Components and Actions Each type of rule has a specific set of required and optional fields that you can customize to meet the ...
Policy Enforcement Traps evaluates rules based on the type of policy associated with the rule. Exploit protection, malware protection, and restriction rules are evaluated only ...
Manage Malware Protection Rules
Manage Malware Protection Rules Malware protection rules enable you to restrict malware-related behavior. When enabled, these modules use a whitelist model that allows process injection ...
Enable or Disable Traps File Protection Settings on the Endpoint
Enable or Disable Traps File Protection Settings on the Endpoint To prevent attackers from tampering with the Traps files, use the cytool protect enable file ...
Enable or Disable Service Protection Settings on the Endpoint
Enable or Disable Service Protection Settings on the Endpoint To bypass the Traps security policy, attackers can attempt to disable or change the status of ...
Enable or Disable Core Process Protection on the Endpoint
Enable or Disable Core Process Protection on the Endpoint By default, Traps protects core processes including Cyserver.exe and CyveraService.exe based on the service protection rules ...