Manage Malware Protection Rules

Malware protection rules enable you to restrict malware-related behavior. When enabled, these modules use a whitelist model that allows process injection for only those processes specified in the policy. The default malware protection policies that come preconfigured with the ESM software grant exceptions to common legitimate processes that must inject into other processes or modules.
When new malware protection rules are added to the security policy, the Traps rules mechanism merges all configured rules into an effective policy that is evaluated for each endpoint. In the case of a potential conflict between two or more rules, there are a set of considerations, such as modification date, that determine which rule takes effect (for more information, see Policy Enforcement). To retain whitelists across malware protection rules, you can opt to merge the whitelists.
For additional questions about configuring malware protection rules, contact Support team or your Sales Engineer.

Related Documentation