Reference Guide

Security Management Server Virtual v10.2.10 AdminHelp
Waive String
String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the Endpoint Group or on the specific Endpoint. This policy will force allow files based on a SHA256 hash of the specific portable executable.
Global Allow String
String
This policy defines a change to the local math model to prevent problematic portable executables to properly run on the machine. This is used in situations where normal exclusions may not properly apply to the files that need to be waived. The value of this policy will consist of an XML blob that can be provided by support if it is required.
The value of this policy must include the entire contents of the policy.xml file. Copy and paste the contents of policy.xml into the policy editor as shown in this example.
Global Quarantine List
String
String
The value of this policy includes a collection of hashes for portable executables that need to be automatically quarantined within the enterprise. This policy will force quarantine files based on a SHA256 hash of the specific portable executable.
Global Safe List
String
String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the enterprise. This policy will force allow files based on a SHA256 hash of the specific portable executable.
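An added example, not part of the product documentation: a Python helper for preparing the SHA256 values that the hash-list policies above take. It checks that a file is a portable executable before hashing it and flags hashes that appear in both an allow list and a quarantine list. The function names, the constructed sample bytes and the lower-case normalization are assumptions; the page does not state how multiple hashes are separated in the policy editor.

```python
import hashlib
import re
import struct

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def is_portable_executable(data: bytes) -> bool:
    """True when data starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def pe_sha256(data: bytes) -> str:
    """SHA256 of the whole file, refusing input that is not a portable executable."""
    if not is_portable_executable(data):
        raise ValueError("not a portable executable")
    return hashlib.sha256(data).hexdigest()


def normalize_hashes(entries):
    """Validate each entry as a SHA256 hex string, lower-case it, drop duplicates."""
    seen, out = set(), []
    for raw in entries:
        value = raw.strip()
        if not SHA256_RE.fullmatch(value):
            raise ValueError(f"not a SHA256 hash: {raw!r}")
        value = value.lower()  # assumption: case is normalized only for comparison
        if value not in seen:
            seen.add(value)
            out.append(value)
    return out


def conflicts(allow_list, quarantine_list):
    """Hashes listed for both force-allow and force-quarantine."""
    return sorted(set(normalize_hashes(allow_list)) & set(normalize_hashes(quarantine_list)))


def make_sample_pe(payload: bytes) -> bytes:
    """Constructed sample: minimal DOS header with e_lfanew = 0x40, then the PE signature."""
    return b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + payload


if __name__ == "__main__":
    h = pe_sha256(make_sample_pe(b"constructed sample"))
    print(h, conflicts([h], [h.upper()]))
```

Running the conflict check before a policy change catches a hash that has been entered for both force-allow and force-quarantine.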
Agent Settings
Suppress Popup Notifications
Not Selected
Selected
Not Selected
If Selected, popup notifications for Advanced Threat Prevention events do not display on the client computer.
Minimum Popup Notification Level
High
High
Medium
Low
Severity level of events that result in popup notifications that display on the client computer.
A setting of High allows only notifications of critical events to display. A setting of Low displays all on-screen notifications for all events. Listed below are examples of events that fall into the severity levels:
High
1) Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
2) A threat is detected and policy is not set to automatically address the threat.
Medium
1) Execution Control blocked a process from starting because it was detected as a threat.
2) A threat is detected that has an associated mitigation (for example, the threat was manually quarantined), so the process has been terminated.
3) A process was blocked or terminated due to a memory violation.
4) A memory violation was detected and no automatic mitigation policy is in effect for that violation type.
Low
1) A file that was identified as a threat has been added to the Global Safe List or deleted from the file system.
2) A threat has been detected and automatically