Policy Rule Types

A complete endpoint security policy comprises policies that target specific methods of protection. The rules that make up each of these policies enable you to enforce protection, manage Traps settings, and take action on your endpoints. You can configure rules that target specific objects or that take effect when they match specific conditions and, together, these rules help to secure the endpoints in your organization.
The following table describes the types of policies you can configure in the ESM Console:
Policy
Description
Malware protection
Malware protection rules use protection modules to block common behavior initiated by malicious executable files. Each rule in the malware protection policy specifies the type of protection module used to block suspicious actions. The rule can also include a whitelist that specifies exceptions to the rule. For more information, see Malware Protection Rules.
Exploit protection
Exploit protection rules determine the method of protection for processes that run on your endpoints. Each rule in the exploit prevention policy specifies the type of protection modules used to protect processes. For more information, see Exploit Protection Rules.
Restrictions
Restriction rules limit the scope of an attack by specifying where and how executable files can run that are launched on Windows endpoints. For more information, see Restriction Rules.
WildFire
WildFire rules enable pre- and post-prevention analyses of executable files and macros by sending unknown files to the public or private WildFire cloud. For more information, see Configure a WildFire Rule.
Forensics
Forensics rules enable you to set preferences about memory dump and forensic file collection. For more information, see Forensics Rules.
Agent settings
Agent settings rules enable you to change the values of Traps agent settings related to logging, heartbeat frequency, and console accessibility. For more information, see Traps Agent Settings Rules.
Action
Action rules allow you to perform administrative activities on endpoints. The one-time management actions include uninstalling and upgrading Traps, updating licenses, protecting the Traps software, and clearing data files. For more information, see Traps Action Rules.

Related Documentation