Manage Malware Protection Rules
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Manage Malware Protection Rules
Malware protection rules enable you to restrict malware-related
behavior. When enabled, these modules use a whitelist model that
allows process injection for only those processes specified in the
policy. The default malware protection policies that come preconfigured
with the ESM software grant exceptions to common legitimate processes
that must inject into other processes or modules.
When new malware protection rules are added to the security policy,
the Traps rules mechanism merges all configured rules into an effective
policy that is evaluated for each endpoint. In the case of a potential
conflict between two or more rules, there are a set of considerations,
such as modification date, that determine which rule takes effect
(for more information, see Policy
Enforcement). To retain whitelists across malware protection
rules, you can opt to merge the whitelists.
For additional questions about configuring
malware protection rules, contact Support team or your Sales Engineer.