Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

231

232

233

234

235

236

237

238

239

240

Manage Policies

216

Macros Alert

Alert

Block

Alert monitors Office macros running in the environment. Recommended for

initial deployment.

Block allows Office macros to run only from specific folders. This should be

used only after testing in Alert mode.

Note: Starting with Office 2013, macros are disabled by default. Most of the

time, users should not be required to enable macros to view the content of an

Office document. Dell recommends enabling macros only for documents from

trusted users. Otherwise, macros should always be disabled.

This policy does not apply to Mac clients.

PowerShell Alert

Alert

Block

Alert (default) - Monitors PowerShell scripts running in the environment.

Recommended for initial deployment.

Block - Allow PowerShell scripts to run only from specific folders. This should

be used only after testing in Alert mode.

This policy does not apply to Mac clients.

PowerShell Console

Allow

Block

Allow (default) - Allows the PowerShell v3 console to be launched.

Block - Blocks the PowerShell v3 console from being launched. Provides

additional security by protecting against the use of PowerShell one-liners.

Note: If this policy is set to Block and you use a script that launches the

PowerShell console, the script will fail. It is recommended that users change

their scripts to invoke the PowerShell scripts, not the PowerShell console.

This policy applies only to PowerShell v3 and does not apply to Mac clients.

Enable Approve

Scripts in Folders

(and Subfolders)

Not Selected

Selected

Not Selected

Allows scripts stored in specific folders to be automatically approved to run.

This policy must be selected to use the Script Control Approve Scripts in

Folders (and Subfolders policy).

This policy does not apply to Mac clients.

Approve Scripts in

Folders (and

Subfolders)

String

Folders specified in this policy are excluded from actions performed based on

the Script Control policy. This exclusion extends to subfolders of folders that

are specified with this policy.

A folder must be specified using its relative path. A path may not include the

drive letter. Example: \Cases\ScriptsAllowed

A specified path may represent any of the following:

- local drive path

- mapped network drive path

- universal naming convention (UNC) path

This policy does not apply to Mac clients.

Quarantine String

String

The value of this policy includes a collection of hashes for portable executable

that need to be automatically quarantined within the Endpoint Group or on

the specific Endpoint. This policy will force quarantine files based on a SHA256

hash of the specific portable executable.

Waive String

String

The value of this policy includes a collection of hashes for portable executable

that need to be allowed to run within the Endpoint Group or on the specific

Endpoint. This policy will force allow files based on a SHA256 hash of the

specific portable executable.

Global Allow String

String

This policy defines a change to the local math model to prevent problematic

portable executable to properly run on the machine. This is used in situations

where normal exclusions may not properly apply to the files that are needing

to be waived. The value of this policy will consist of an XML blob that can be