Policy Rule Types
A complete endpoint security policy comprises policies that target specific methods of protection. The rules that make up each of these policies enable you to enforce protection, manage Traps settings, and take action on your endpoints. You can configure rules that target specific objects or that take effect when they match specific conditions and, together, these rules help to secure the endpoints in your organization.
The following table describes the types of policies you can configure in the ESM Console:
Malware protection rules use protection modules to block common behavior initiated by malicious executable files. Each rule in the malware protection policy specifies the type of protection module used to block suspicious actions. The rule can also include a whitelist that specifies exceptions to the rule. For more information, see Malware Protection Rules.
Exploit protection rules determine the method of protection for processes that run on your endpoints. Each rule in the exploit prevention policy specifies the type of protection modules used to protect processes. For more information, see Exploit Protection Rules.
Restriction rules limit the scope of an attack by specifying where and how executable files that are launched on Windows endpoints can run. For more information, see Restriction Rules.
WildFire rules enable pre- and post-prevention analyses of executable files and macros by sending unknown files to the public or private WildFire cloud. For more information, see Configure a WildFire Rule.
Forensics rules enable you to set preferences about memory dump and forensic file collection. For more information, see Forensics Rules.
Agent settings rules enable you to change the values of Traps agent settings related to logging, heartbeat frequency, and console accessibility. For more information, see Traps Agent Settings Rules.
Action rules allow you to perform administrative activities on endpoints. The one-time management actions include uninstalling and upgrading Traps, updating licenses, protecting the Traps software, and clearing data files. For more information, see Traps Action Rules.