Common Rule Components and Actions
Each type of rule has a specific set of required and optional fields that you can customize to meet the needs of your organization’s security policy.
The following table describes the common steps for creating an endpoint security policy rule.
Define the settings and actions that are specific to the rule type.
For more details on the specific settings required for each rule type, see:
Add activation conditions to the rule, that is, conditions that the endpoint must fulfill for the rule to be applied.
Define the target objects to which the rule applies. You can apply rules directly to object types. You can also create virtual groups based on endpoint characteristics or Active Directory group membership for reuse across rules.
Provide a descriptive name for the rule.
Save and optionally activate the rule.
Back up or restore rules.
Filter the rules shown on the page.
View the default policy rules.
Disable or enable all protection rules.
Policy Rule Types
A complete endpoint security policy comprises policies that target specific methods of protection. The rules that make up each of these policies ...
Create an Exploit Protection Rule
An exploit protection rule uses exploit protection modules (EPMs) to protect processes in your organization from specific exploitation techniques. Each ...
Add a New Action Rule
For each action rule, you can specify organizational objects, conditions, and actions to take on each endpoint. Action rules apply ...
Collect New Process Information
By default, Traps protects the most commonly used and well-known processes on your endpoints. In addition, when WildFire is enabled, Traps ...
Configure a WildFire Rule
WildFire rules determine how Traps detects and responds to malware on your endpoints. You can create or edit WildFire rules on ...
Manage Service Protection
Manage Agent Tampering Protection Agent tampering protection allows you to protect the Traps agents running on your endpoints. For flexible, granular control over agent tampering ...
Uninstall or Upgrade Traps on the Endpoint
Create a new agent actions rule to uninstall Traps from the target objects or upgrade Traps using software ...
Define External Media Restrictions
Malicious code can gain access to endpoints through external media, such as removable drives and optical drives. To protect against this ...
Policy Enforcement
When you configure security policy rules, the Traps rules mechanism merges all configured rules into an effective policy that is evaluated for each ...