Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEncryption

211

212

213

214

215

216

217

218

219

220

Manage Policies

202

Block

Alert monitors Office macros r

unning in the environment.

Recommended for initial deployment.

Block all

ows Office macros to run only from specific

folders. This should be used only after testing in Alert

mode.

te: Starting with Office 2013, macros are disabled by

default. Most of the time, users should not be required to

enable macros to view the content

of an Office document.

Dell recommends enabling macros only for documents from

trusted users. Otherwise, macr

os should always be

disabled.

PowerShell Alert

Alert

Block

Alert (defaul

t) - Monitors PowerShell scripts running in

the environment. Recommended

for initial deployment.

Block

Allow PowerShell scripts to run only from specific

folders. This should be u

sed only after testing in Alert

mode.

This policy does not apply to Mac cli

ents.

PowerShell

Console

Allow

Block

Allow (default)

- Allows the PowerShell v3 console to be

launched.

Block

- Blocks the PowerShell v3 console from being

launched. Provides

additional security by protecting

aga

inst the use of PowerShell one-liners.

Note: If this policy is set to Block and you use a script

that launche

s the PowerShell console, the script will

fail. It is recommended that users change their scripts to

invoke t

he PowerShell scripts, not the PowerShell console.

This policy applies only

to PowerShell v3 and does not

apply to Mac clients.

Enable Approve

Scripts in

Folders (and

Subfolders)

Not Selected

Selected

Not Selected

Allows scripts stored in specific folders

to be

automatically approved to run.

This policy must be

selected to use t

he Script Control Approve Scripts in

Folders (and Subfolders policy).

Approve Scripts

in Folders (and

Subfolders)

String

Folders specified in this policy are excluded from actions

performed based on the Script C

ontrol policy. This

exclusion extends

to subfolders of folders that are

specified with this policy.

A folder

must be specified using its relative

path. A path

may not include the drive letter. Example:

Cases\ScriptsAllowed

A specified path may represent a

ny of the following:

- local drive path

- mapped network drive path

- universal naming convention (UNC) path

Quarantine String

String

The value of this policy includes a collection of hashes for portable executable

at need to be automatically quarantined within the Endpoint Group or on

the

specific Endpoint. This policy will force quarantine files based on a SHA256

hash of the specific

portable executable.