Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureData Guardian

221

222

223

224

225

226

227

228

229

230

Security Management Server Virtual v10.2.7 AdminHelp

213

Enable Change

Window

Not Selected

Selected

Not Selected

If selected, Application Control is temporarily disabled to allow, edit, and run

new applications or perform updates. This includes updating the Advanced

Threat Prevention agent. After performing the necessary changes, deselect

Enable Change Window.

Note: Enable Change Window retains changes made to Application Control.

Deselecting Application Control and resetting back to Selected resets

Application Control to default values.

This policy does not apply to Mac clients.

Script Control

Not Selected

Selected

Not Selected

If Selected, Script Control protects devices by blocking malicious scripts from

running.

Note: Script Control is currently only available for PowerShell and Active

Scripts.

This policy does not apply to Mac clients.

Script Control

Mode

Alert

Block

Alert monitors scripts running in the environment. Recommended for initial

deployment.

Block allows scripts to run only from specific folders. This should be used only

after testing in Alert mode.

This policy does not apply to Mac clients.

Active Script Alert

Alert

Block

Alert monitors Active Scripts running in the environment. Recommended for

initial deployment.

Block allows Active Scripts to run only from specific folders. This should be

used only after testing in Alert mode.

This policy does not apply to Mac clients.

Macros Alert

Alert

Block

Alert monitors Office macros running in the environment. Recommended for

initial deployment.

Block allows Office macros to run only from specific folders. This should be

used only after testing in Alert mode.

Note: Starting with Office 2013, macros are disabled by default. Most of the

time, users should not be required to enable macros to view the content of an

Office document. Dell recommends enabling macros only for documents from

trusted users. Otherwise, macros should always be disabled.

This policy does not apply to Mac clients.

PowerShell Alert

Alert

Block

Alert (default) - Monitors PowerShell scripts running in the environment.

Recommended for initial deployment.

Block - Allow PowerShell scripts to run only from specific folders. This should

be used only after testing in Alert mode.

This policy does not apply to Mac clients.

PowerShell Console

Allow

Block

Allow (default) - Allows the PowerShell v3 console to be launched.

Block - Blocks the PowerShell v3 console from being launched. Provides

additional security by protecting against the use of PowerShell one-liners.

Note: If this policy is set to Block and you use a script that launches the

PowerShell console, the script will fail. It is recommended that users change

their scripts to invoke the PowerShell scripts, not the PowerShell console.

This policy applies only to PowerShell v3 and does not apply to Mac clients.