Reference Guide
Manage Policies
212
Watch for New
Files
Selected
Selected
Not Selected
If selected, any new or modified files are detected and analyzed for dormant
threats.
Dell recommends enabling this policy. However, If Auto Quarantine is enabled
for all Unsafe or Abnormal files, all malicious files are blocked at execution.
Therefore, it is not necessary to enable this policy with Auto Quarantine mode
unless you prefer to quarantine a file as it is added to a disk but before
execution.
Set Maximum
Archive File Size to
Scan
150 MB
The default setting is 150 MB.
Specify the maximum size of archive (compressed) files, including .jar files to
be scanned. Because scanning compressed files can negatively affect computer
performance, Dell recommends Quick-Scan - Scan Archives and Full-Scan -
Scan
Archives to run during off-work hours.
Protection Settings
Enable Exclude
Specific Folders
(includes
subfolders)
Selected
Selected
Not Selected
Allow specific folders to be excluded from Auto Quarantine and Auto Upload.
This policy must be Selected to use the Exclude Specific Folders policy.
Exclude Specific
Folders (includes
subfolders)
String
String
Folders specified in this policy are excluded from actions performed based on
Background Threat Detection and Watch for
New Files, when these policies are
enabled. This exclusion extends to subfolders of folders that are specified in
this policy.
All exclusions must be specified using the Absolute path of that executable file.
Windows requires an absolute path (requires a drive letter)
Mac requires an absolute path (macOS does not use a drive letter)
Correct (Windows): C:\Program Files\Dell
Correct (Mac): /Mac\ HD/Users/Application\ Support/Dell
Incorrect: C:\Program Files\Dell\Executable.exe
Incorrect: \Program Files\Dell\
Spaces only must be escaped on Mac-based exclusions.
Application Control
Application Control
Not Selected
Selected
Not Selected
If Selected, specified devices are locked down, restricting any changes. Only
applications that exist on a device before the lock-down are allowed to
execute on that device. Any new applications, as well as changes to the
executables of existing applications, are denied. The Advanced Threat
Prevention agent updater is also disabled.
Additionally, certain File Action, Memory Action, and Execution Control
policies are automatically set. These policies may be changed after they are
automatically set, without disabling Application Control. See Policies Set by
Application Control for a list of policies that are automatically set when the
Application Control policy is Selected.
To exclude specific folders from lockdown, specify the folders in the
Application Control Allowed Folders policy.
IMPORTANT: Specify the following folder in the Application Control Allowed
Folders policy when running Data Guardian Protected Office mode with this
policy Selected: C:\Users\<Username>\AppData\Local\assembly\tmp
This policy does not apply to Mac clients.
Application Control
Allowed Folders
String
String
Specify folders to be excluded from Application Control lockdown.
IMPORTANT: Specify the following folder in this policy when running Data
Guardian Protected Office mode with the Application Control policy Selected:
C:\Users\<Username>\AppData\Local\assembly\tmp