Reference Guide
Manage Policies
204
Advanced Threat
Prevention
Off
On
Off
Toggle ON to enable Advanced Threat Prevention. If this policy is toggled to
OFF, Advanced Threat Prevention is disabled, and policies are set to defaults
for activated devices. This results in Execution Control blocking threats, but
Auto Quarantine, Memory Protection, and Script Control will be disabled.
File Actions
Unsafe Executable
Auto Quarantine
With Executable
Control Enabled
Selected
Selected
Not Selected
If selected, Unsafe executable files are automatically quarantined or
blocked to prevent their execution.
Note: If you Auto Quarantine, it is highly recommended that before
deployment, you test Auto Quarantine only on devices using a test
policy to observe the behavior and ensure that no business-critical
applications are blocked at execution.
Unsafe Executable
Auto Upload
Enabled
Selected
Selected
Not Selected
If selected, any detected Unsafe file is automatically uploaded for a deeper
analysis and additional details about the file.
Abnormal
Executable Auto
Quarantine With
Executable Control
Enabled
Selected
Selected
Not Selected
If selected, Abnormal executable files are automatically quarantined
or blocked to prevent their execution.
Note: If you Auto Quarantine, it is highly recommended that before
deployment, you test Auto Quarantine only on devices using a test
policy to observe the behavior and ensure that no business-critical
applications are blocked at execution.
Abnormal
Executable Auto
Upload Enabled
Selected
Selected
Not Selected
If selected, any detected Abnormal file is automatically uploaded for a deeper
analysis and additional details about the file.
Allow Execution of
Files in Exclude
Folders
Not Selected
Selected
Not Selected
If selected, executable files are allowed to run, even if they are in folders
excluded in the Exclude Specific Folders policy.
Auto Delete Not Selected
Selected
Not Selected
If selected, after the time period specified in the Days until Deleted policy, files
that are quarantined on an endpoint are automatically deleted.
Days until Deleted
14
14-365 days
Number of days until files that are quarantined on an endpoint are
automatically deleted.
Memory Actions
Memory Protection
Enabled
Not Selected
Selected
Not Selected
This policy must be selected to use all other Memory policies. If this policy is
Not Selected, no Memory Action policies are enforced, regardless of other
policy values.
NOTE: Before enabling Memory Protection, enable Compatibility Mode, to
ensure applications function properly on the client computer. For instructions
on how to enable Compatibility Mode, see Enable Compatibility Mode for
Memory Protection.
Compatibility Mode does not apply to Mac clients.
Enable Exclude
executable files
Selected
Selected
Not Selected
Allow specific process files to be excluded
from Memory Protection. This policy
must be selected to use the Exclude executable files policy.