Manage Saved Rules
After saving the rule, the name and description appear in the appropriate system logs and tables.
Select the rule to view details and perform any of the following actions:
(Action rules only) Create a new rule from an existing rule.
Discard the rule; the rule is removed from the system.
To delete multiple rules at the same time, select the rules and then select Delete Selected (non-Default) from the action menu at the top of the table.
If the rule was previously saved but not applied, you can Activate the rule to add it to the current security policy. If the rule is active, you can Deactivate it to remove the rule from the current security policy but not from the system.
To activate or deactivate multiple rules at the same time, select the rules and then select Activate Selected or Deactivate Selected from the menu at the top of the table. To disable or enable all exploit, malware, or forensics rules, see Disable or Enable All Protection Rules.
Edit the rule definition. Selecting this option opens the rule configuration dialog and allows you to change the rule definition. For more information, see Create an Exploit Protection Rule.
Import Rules/Export Selected
From the action menu at the top of the table, you can import rules or export selected rules. Exporting rules saves the selected rules to an XML file. For more information, see Export and Import Policy Files.
Show Default Rules/Hide Default Rules
From the action menu at the top of the table, you can expand the default rules or hide default rules. Select the rule to view additional information about the rule. For more information, see Show or Hide the Default Policy Rules.
When you show default rules and then select a rule, the ESM Console displays additional details about the rule settings and an option to Clone the rule. Cloning enables you to create a new rule that overwrites the default policy settings. For more information, see Show or Hide the Default Policy Rules.
Show or Hide the Default Policy Rules
Show or Hide the Default Policy Rules The Endpoint Security Manager security policy comes preconfigured with rules that protect against attacks that leverage common software ...
User-Defined Rules A user-defined rule is a rule that you—or additional administrators with access to the ESM Console—create to manage the Traps security policy and ...
Common Rule Components and Actions
Common Rule Components and Actions Each type of rule has a specific set of required and optional fields that you can customize to meet the ...
Add a New Action Rule
Add a New Action Rule For each action rule, you can specify organizational objects, conditions, and actions to take on each endpoint. Action rules apply ...
Disable or Enable All Protection Rules
Disable or Enable All Protection Rules If the endpoint protection security policy is causing issues for endpoints in your organization, you can quickly disable all ...
Define External Media Restrictions
Define External Media Restrictions Malicious code can gain access to endpoints through external media, such as removable drives and optical drives. To protect against this ...
Configure the Gatekeeper Enhancement MPM
Configure the Gatekeeper Enhancement MPM The Gatekeeper Enhancement MPM is an enhancement of the macOS gatekeeper functionality which allows apps to run based on their ...
Create an Exploit Protection Rule
Create an Exploit Protection Rule An exploit protection rule uses exploit protection modules (EPMs) to protect processes in your organization from specific exploitation techniques. Each ...
Traps Action Rules
Traps Action Rules Action rules enable you to perform one-time actions on the Traps agent that runs on each endpoint. For each action rule, you ...