Malware Protection Rules

A
malware protection rule
prevents the execution of malware, often disguised as or embedded in non-malicious files, by using malware modules to target process behaviors that are commonly triggered by malware.
You can activate malware protection modules in all processes or enable protection of one or more protected processes in your organization.
The following table describes the malware protection modules:
Malware Protection Rules
Description
Child Process Protection
(
Windows only
) The Child Process Protection MPM prevents script-based attacks used to deliver malware such as ransomware by blocking known targeted processes from launching child processes commonly used to bypass traditional security approaches. For more information, see Configure Child Process Protection.
Anti-Ransomware Protection
(
Windows only
) The Anti-Ransomware Protection MPM targets encryption-based activity associated with ransomware with the ability to analyze and halt ransomware activity before any data loss occurs. Configure Anti-Ransomware Protection.
Gatekeeper Enhancement
(
Mac only
) The Gatekeeper Enhancement MPM is an enhancement of the macOS gatekeeper functionality which allows apps to run based on their digital signature. The MPM provides an additional layer of protection by extending gatekeeper functionality to child processes to enforce the signature level of your choice. For more information, see Configure the Gatekeeper Enhancement MPM.

Recommended For You