Policy Rule Types
A complete endpoint security policy comprises policies that target specific methods of protection. The rules that make up each of these policies enable you to enforce protection, manage Traps settings, and take action on your endpoints. You can configure rules that target specific objects or that take effect when they match specific conditions and, together, these rules help to secure the endpoints in your organization.
The following table describes the types of policies you can configure in the ESM Console:
| Policy type | Description |
|---|---|
| Malware protection rules | Use protection modules to block common behavior initiated by malicious executable files. Each rule in the malware protection policy specifies the type of protection module used to block suspicious actions. The rule can also include a whitelist that specifies exceptions to the rule. For more information, see Malware Protection Rules. |
| Exploit protection rules | Determine the method of protection for processes that run on your endpoints. Each rule in the exploit prevention policy specifies the type of protection modules used to protect processes. For more information, see Exploit Protection Rules. |
| Restriction rules | Limit the scope of an attack by specifying where and how executable files launched on Windows endpoints can run. For more information, see Restriction Rules. |
| WildFire rules | Enable pre- and post-prevention analysis of executable files and macros by sending unknown files to the public or private WildFire cloud. For more information, see Configure a WildFire Rule. |
| Forensics rules | Enable you to set preferences for memory dump and forensic file collection. For more information, see Forensics Rules. |
| Agent settings rules | Enable you to change the values of Traps agent settings related to logging, heartbeat frequency, and console accessibility. For more information, see Traps Agent Settings Rules. |
| Action rules | Allow you to perform administrative activities on endpoints. The one-time management actions include uninstalling and upgrading Traps, updating licenses, protecting the Traps software, and clearing data files. For more information, see Traps Action Rules. |