Reference Guide
Manage Policies
250
<policy_name>Default</policy_name>
<policy_company>Acme</policy_company>
<policy_company_id>uxSYabW9P2nMbGLzuqJhvT9Y</policy_company_id>
<policy_utctimestamp>Date(-62135596800000+0000)</policy_utctimestamp>
<filetype_actions>
<suspicious_files file_type="executable" actions="7" />
<threat_files file_type="executable" actions="7" />
</filetype_actions>
<memoryviolation_actions>
<memory_violation violation_type="stackpivot" action="Alert" />
<memory_violation violation_type="stackprotect" action="Block" />
<memory_violation violation_type="stackpivot" action="Terminate" />
<memory_violation violation_type="overwritecode" action="None" />
<memory_violation violation_type="outofprocessallocation" action="Scuba"
/>
<memory_violation violation_type="outofprocessmap" action="Alert" />
<memory_violation violation_type="outofprocesswrite" action="Block" />
<memory_violation violation_type="outofprocesswritepe"
action="Terminate" />
<memory_violation violation_type="outofprocessoverwritecode"
action="None" />
<memory_violation violation_type="outofprocessunmapmemory"
action="Alert" />
<memory_violation violation_type="outofprocesscreatethread"
action="Alert" />
<memory_violation violation_type="outofprocessapc" action="Alert" />
<memory_violation violation_type="lsassread" action="Alert" />
<memory_exclusion_list>
<path>temp\files\exe1.exe</path>
<path>stuff\folder\exe2.exe</path>
</memory_exclusion_list>
</memoryviolation_actions>
<appcontrol>
<changewindow_enabled>0</changewindow_enabled>
<lockdown lockdown_type="executionfromexternaldrives" action="deny" />