Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption

251

252

253

254

255

256

257

258

259

260

Security Management Server v10.2.11 AdminHelp

Quarantine List

The Global Quarantine List contains hashes of files to be quarantined as shown in this example:

0A5F695900F1FC75070BB8B7C7A55B5BCFAAD6FE

525E7A55B5BCB6B16F25B5DD6CE11DFC6DD0B4E6

Safe List

The Global Safe List contains hashes of files to be quarantined as shown in this example:

0A5F695900F1FC75070BB8B7C7A55B5BCFAAD6FE

525E7A55B5BCB6B16F25B5DD6CE11DFC6DD0B4E6

Threat Protection Policy Overview

Threat Protection policies are divided into the following categories:

• Threat Protection

• Client Firewall

• Web Protection

When you set the Threat Protection policy to Selected, you can then set policies for these client options:

• Actions to take when malicious activity is identified (Block, Report, Block and Report)

Policies allow you to set the action to take when users attempt to modify or delete Threat

Protection system files, registry keys, and processes. The default setting for these policies is

Block and Report: Action on Malicious Activity for Files and Folders, Action on Malicious Activity

for Registry, and Action on Malicious Activity for Processes.

• Exclusion of specified processes from Threat Protection scans

• Logging locations and debug/verbose logging of certain activities

Activity logging is enabled by default. Debug logging is disabled by default.

• Client update scheduling

Client updates ensure that client computers are always protected from the latest threats through

content files that include definitions of threats such as viruses and spyware, that are used to

detect threats. The Client Update Schedule policy is selected (Enabled) by default. The Client

Update Schedule Repeats policy, which determines the frequency of client updates, is set to

Daily by default.

The following policies represent the different types of scans included in Threat Protection:

On-Access Protection – When a user accesses files, folders, and programs, the on-access scanner

intercepts the operation and scans the item. Default: Selected (Enabled).

On-Demand Protection - Full Scan – Based on a schedule set in policy, the on-demand scanner runs a

thorough check of all areas of the computer. Default: Selected (Enabled).

By default, every time Full Scan runs, it scans the following for threats:

• Computer memory for installed rootkits, hidden processes, and other behavior that suggests

malware is attempting to hide itself. This scan occurs before all other scans.

• Memory of all running processes.

245