Disable or Enable All Protection Rules

If the endpoint protection security policy is causing issues for endpoints in your organization, you can quickly disable all active policy rules including the default policy rules. Disabling protection effectively removes all restrictions and halts the following tasks:
  • Traps injection into all processes that run in the future
  • Validation against WildFire
  • Further data collection
Modifying security policy rules while all protection is disabled has no effect until protection is re-enabled.
After disabling protection and resolving the issues, you can restore all the policy rules at the same time by enabling all protection. (Enabling protection does not activate rules that were previously deactivated.)
In a scenario where you need to disable only a single rule or small group of rules, you can individually select and deactivate those rules from the rule management page specific to that rule type.
  1. From the ESM Console, select any rule management page, such as
    Policies
    Malware
    Restrictions
    .
  2. Select the action menu manage-hidden-menu-icon.png .
  3. Do either of the following:
    • To disable protection, select
      Disable All Protection
      . The ESM disables all rules and sends the updated security policy to the endpoints at the next heartbeat communication with the Traps agents.
    • To enable protection, select
      Enable All Protection
      . The ESM re-enables all rules and sends the updated endpoint protection security policy to the endpoints at the next heartbeat communication with the Traps agents.

Related Documentation