Restriction Rules
4.2 (EoS)
A restriction rule limits the attack surface of a Windows endpoint by defining where and how your users can run executable files. The following table displays the different types of restrictions you can configure:
Restriction Rules | Description |
---|---|
Running executable files from certain folders | Many attack scenarios are based on writing malicious executable files to certain folders and then running them. For example, the local temp and download folders are commonly used to store and later run malicious executable files. To make an exception to this general restriction, you can add specific folders to a whitelist. For more information, see Manage Global Whitelists, Block Execution from Local and Network Folders, and Whitelist a Network Folder. |
Running executable files from external media | Malicious code can gain access to endpoints via external media such as removable drives and optical drives. To protect against this, you can define restrictions that control the executable files, if any, that users can launch from external drives attached to the endpoints in your network. For more information, see Define External Media Restrictions. |
Processes spawning child processes | Child Process Restriction rules have been deprecated and are superseded by the Child Process Protection malware protection module (MPM). To block malicious child processes run from parent processes, Configure Child Process Protection. |
Java processes run from browsers | Java Restriction rules have been deprecated. |
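The folder restriction with whitelist exceptions described in the first table row can be modeled as a path check over process-creation records. The following is an added example, not Traps code or its rule format; the folder names, hosts, and event records are constructed, and the function names are hypothetical.

```python
import ntpath

# Constructed policy for illustration; these are not Traps defaults.
RESTRICTED = [r"C:\Users\alice\AppData\Local\Temp", r"C:\Users\alice\Downloads"]
WHITELIST = [r"C:\Users\alice\AppData\Local\Temp\Approved"]

# Constructed process-creation records: (host, executable path).
EVENTS = [
    ("ws01", r"C:\Users\alice\AppData\Local\Temp\setup.exe"),
    ("ws01", r"c:\users\ALICE\appdata\local\temp\approved\agent.exe"),
    ("ws01", r"C:\Users\alice\Downloads2\tool.exe"),
    ("ws02", r"C:\Users\alice\AppData\Local\Temp\Approved\..\unknown.exe"),
    ("ws02", r"C:/Users/alice/Documents/../Downloads/report.exe"),
    ("ws02", r"C:\Program Files\Vendor\app.exe"),
]

def normalize(path):
    """Resolve '..', unify separators and fold case (Windows paths are case-insensitive)."""
    return ntpath.normcase(ntpath.normpath(path)).rstrip("\\")

def is_under(path, folder):
    """True if path is the folder or inside it; 'Downloads2' is not inside 'Downloads'."""
    p, f = normalize(path), normalize(folder)
    return p == f or p.startswith(f + "\\")

def verdict(path, restricted=RESTRICTED, whitelist=WHITELIST):
    """Whitelisted folders are exceptions, so they are checked before the restrictions."""
    if any(is_under(path, w) for w in whitelist):
        return "allow"
    if any(is_under(path, r) for r in restricted):
        return "block"
    return "allow"

def audit(events):
    """Return the (host, path) records that the policy would block."""
    return [(host, path) for host, path in events if verdict(path) == "block"]

if __name__ == "__main__":
    for host, path in audit(EVENTS):
        print(f"{host}: would block {path}")
```

Normalizing before comparison matters for both lists: without it, a `..` segment or a sibling folder with a shared name prefix would match the wrong rule.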