Common Rule Components and Actions
Each type of rule has a specific set of required and optional fields that you can customize to meet the needs of your organization’s security policy.
The following table describes the common steps for creating an endpoint security policy rule.
Define the settings and actions that are specific to the rule type.
For more details on the specific settings required for each rule type, see:
Add activation conditions to the rule—conditions that the endpoint must fulfill for a rule to be applied.
Define the target objects (users, computers, organizational units, groups, and endpoints).
Provide a descriptive name for the rule.
Save and optionally activate the rule.
Back up or restore rules.
Filter the rules shown on the page.
View the default policy rules.
Disable or enable all protection rules.
Policy Rule Types
A complete endpoint security policy comprises policies that target specific methods of protection. The rules that make up each of these policies ...
Create an Exploit Protection Rule
An exploit protection rule uses exploit protection modules (EPMs) to protect processes in your organization from specific exploitation techniques. Each ...
Manage Saved Rules
After saving the rule, the name and description appear in the appropriate system logs and tables. Select the rule to view details ...
Collect New Process Information
By default, Traps protects the most commonly used and well-known processes on your endpoints. In addition, when WildFire is enabled, Traps ...
Configure a WildFire Rule
WildFire rules determine how Traps detects and responds to malware on your endpoints. You can create or edit WildFire rules on ...
Manage Service Protection
Agent tampering protection allows you to protect the Traps agents running on your endpoints. For flexible, granular control over agent tampering ...
Block Execution from Local Folders
Many attack scenarios are based on writing malicious executable files in remote folders and common local folders—such as ...
DLL File Protection
Traps now extends its malware protection capabilities to block malicious DLL files on Windows endpoints. To provide a layered approach to DLL ...
User-Defined Rules
A user-defined rule is a rule that you—or additional administrators with access to the ESM Console—create to manage the Traps security policy and ...