Default Protection Policy

The Endpoint Security Manger is preconfigured with a default security policy which contains a curated set of Malware Protection Rules and Exploit Protection Rules. This default security policy automatically protect your endpoints from common software vulnerabilities, exploits, and malware techniques without requiring additional configuration.
The following table describes the protection modules and the default configuration provided in content update version 13. When configuring new rules, you can inherit the behavior from the preceding rule in the rule hierarchy or you can override the settings to meet the requirements of your organization’s security policy.
Module
OS
Enabled by Default?
Mode
User Alert
Malware Protection Modules
Child Process Protection
Windows
check-mark.png
Prevention
On
Gatekeeper Enhancement
Mac
check-mark.png
Prevention
On
Anti-Ransomware Protection
Windows
check-mark.png
Prevention
On
Exploit Protection Modules
CPL Protection
Windows
check-mark.png
Prevention
On
DEP
Windows
check-mark.png
Prevention
On
DLL Security
Windows
check-mark.png
Prevention
On
DLL-Hijacking Protection
Windows
Prevention
On
Dylib-Hijacking Protection
Mac
Prevention
On
Exception Heap Spray Check
Windows
Prevention
On
Exploit Kit Fingerprinting Protection
Windows
check-mark.png
Prevention
On
Font Protection
Windows
check-mark.png
Prevention
On
Hot Patch Protection
Windows
Prevention
On
JIT Mitigation
Windows and Mac
check-mark.png
Prevention
On
Kernel APC Protection
Windows
check-mark.png
Prevention
Off
Kernel Privilege Escalation Protection
Windows and Mac
check-mark.png
Prevention
On
Library Preallocation
Windows
Prevention
On
Memory Limit Heap Spray Check
Windows
Prevention
On
Null Dereference Protection
Windows
check-mark.png
Prevention
On
ROP Mitigation
Windows and
Mac
check-mark.png
Prevention
On
SEH Protection
Windows
check-mark.png
Prevention
On
Shellcode Preallocation
Windows
check-mark.png
Prevention
On
ShellLink Protection
Windows
check-mark.png
Prevention
On
SysExit
Windows
Prevention
On
UASLR
Windows
check-mark.png
Prevention
On

Related Documentation