Add a New Restrictions Security Profile
Restrictions security profiles limit the surface of an attack on a Windows endpoint by defining where and how your users can run files.
By default, the Traps agent will receive the default profile that contains a pre-defined configuration for each restrictions capability. To customize the configuration for specific Traps agents, configure a new Restrictions security profile and assign it to one or more policy rules.
To define a Restrictions security profile:
- Add a new profile. To create an installation package or manage security profiles after February 26, 2019, you must first change the default uninstall password to a new password which meets Traps management service security standards. You must do this even if you previously set a password. After you set an uninstall password, you will not receive additional notifications. To later change the uninstall password, create an Agent Settings Profile that you can assign to a policy rule.
- From Traps management service, select SecurityProfiles.
- Select Windows as the type of platform to which the profile applies. The Restrictions security profile is not available for Linux, Mac, or Android endpoints.
- Define the basic settings.
- Enter a unique Name to identify the profile. The name can contain only letters, numbers, or spaces, and must be no more than 30 characters. The name you choose will be visible from the list of profiles when you configure a policy rule.
- To provide additional context for the purpose or business reason that explains why you are creating the profile, enter a profile Description. For example, you might include an incident identification number or a link to a help desk ticket.
- Configure each of the Restrictions Protection
- Configure the action to take when a file attempts to run from a specified location.
- Block—Block the file execution.
- Notify—Allow the file to execute but notify the user that the file is attempting to run from a suspicious location. The Traps agent also reports the event to Traps management service.
- Report—Allow the file to execute but report it to Traps management service.
- Disabled—Disable the module and do not analyze or report execution attempts from restricted locations.
- Default—Use the default configuration to determine the action to take. Traps management service displays the default value for each capability in parentheses. For example, Default (Block).
- Whitelist or blacklist files, as needed. The type of protection capability determines whether the capability supports a whitelist, blacklist, or both. With a whitelist, the action mode you configure applies to all the paths except for those that you specify. With a blacklist, the action applies only to the paths that you specify.
- Add (+) a file or folder.
- Enter the path and press Enter or click the check mark when done. You can also use environment variables and a wildcard to match a partial name for the folder. Use ? to match any single character or * to match any string of characters. To match a folder, you must terminate the path with * to match all files in the folder (for example, c:\temp\*).
- Repeat to add additional folders.
- Save the changes to your profile.
- Assign the profile to a policy rule (see Configure a Policy Rule).
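
The whitelist and blacklist path rules described in the steps above can be previewed offline before a profile is saved. The following Python sketch is an added example, not Palo Alto Networks code and not the Traps agent's matcher: it assumes `%VAR%` syntax for environment variables, case-insensitive comparison, and that `*` also spans backslashes. All paths and the `TEMP` value are constructed.

```python
import re

def pattern_to_regex(pattern, env):
    """Compile a profile path pattern (with ? and *) into a regex.
    Assumed semantics: %VAR% expansion, case-insensitive, * spans backslashes."""
    # Expand %VAR% from the supplied (constructed) environment; unknown names stay as typed.
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).upper(), m.group(0)),
                      pattern)
    parts = []
    for ch in expanded:
        if ch == "*":
            parts.append(".*")          # any string of characters
        elif ch == "?":
            parts.append(".")           # any single character
        else:
            parts.append(re.escape(ch)) # literal, including backslashes
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def path_listed(path, patterns, env):
    """True if the full path matches at least one list entry."""
    return any(pattern_to_regex(p, env).fullmatch(path) for p in patterns)

def action_applies(path, patterns, list_type, env):
    """Whitelist: action applies to every path except listed ones.
    Blacklist: action applies only to listed paths."""
    listed = path_listed(path, patterns, env)
    if list_type == "whitelist":
        return not listed
    if list_type == "blacklist":
        return listed
    raise ValueError("list_type must be 'whitelist' or 'blacklist'")

# Constructed sample data for the preview.
ENV = {"TEMP": r"C:\Users\alice\AppData\Local\Temp"}
PATTERNS = [r"c:\temp\*", r"%TEMP%\setup-??.exe", r"c:\tools"]  # last entry lacks the trailing *
SAMPLES = [r"C:\Temp\a.exe", r"c:\tools\nc.exe",
           r"C:\Users\alice\AppData\Local\Temp\setup-01.exe",
           r"C:\Users\alice\AppData\Local\Temp\setup-001.exe"]

def preview(list_type):
    """Map each sample path to whether the configured action would apply."""
    return {p: action_applies(p, PATTERNS, list_type, ENV) for p in SAMPLES}

if __name__ == "__main__":
    for mode in ("whitelist", "blacklist"):
        for path, applies in preview(mode).items():
            print(f"{mode:9} {'ACTION' if applies else 'skip':6} {path}")
```

The `c:\tools` entry shows the folder rule from the steps: without a trailing `*` it does not cover `c:\tools\nc.exe`, so a whitelist built this way would still apply the action to that file.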