Reference Guide
Security Management Server v10.2.10 AdminHelp
Waive String
String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the Endpoint Group or on the specific Endpoint. This policy will force allow files based on a SHA256 hash of the specific portable executable.
Global Allow String
String
This policy defines a change to the local math model to prevent problematic portable executables to properly run on the machine. This is used in situations where normal exclusions may not properly apply to the files that need to be waived. The value of this policy will consist of an XML blob that can be provided by support if it is required.
The value of this policy must include the entire contents of the policy.xml file. Copy and paste the contents of policy.xml into the policy editor as shown in this example.
Global Quarantine List
String
String
The value of this policy includes a collection of hashes for portable executables that need to be automatically quarantined within the enterprise. This policy will force quarantine files based on a SHA256 hash of the specific portable executable.
Global Safe List
String
String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the enterprise. This policy will force allow files based on a SHA256 hash of the specific portable executable.
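The hash-based policies above accept only SHA256 hashes of portable executables. The following Python code is an added example, not part of the product documentation: it checks a hash list before it is pasted into the policy editor, rejecting entries that are not SHA256 hashes and flagging any hash that appears in both a safe list and a quarantine list. The separator (whitespace, comma or semicolon), the function names and the sample bytes are assumptions; the guide does not state the list format.

```python
import hashlib
import re

# A SHA256 digest is exactly 64 hexadecimal characters.
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def pe_sha256(data: bytes) -> str:
    """Return the upper-case SHA256 of a PE image; refuse non-PE input."""
    # Every portable executable starts with the DOS header magic "MZ".
    if data[:2] != b"MZ":
        raise ValueError("not a portable executable (missing MZ header)")
    return hashlib.sha256(data).hexdigest().upper()


def parse_hash_list(text: str):
    """Split pasted text into (valid SHA256 entries, rejected tokens)."""
    valid, rejected = [], []
    # Assumed separators: whitespace, comma, semicolon.
    for token in re.split(r"[\s,;]+", text.strip()):
        if not token:
            continue
        if SHA256_RE.match(token):
            digest = token.upper()      # normalise case so duplicates collapse
            if digest not in valid:
                valid.append(digest)
        else:
            rejected.append(token)      # e.g. an MD5 or SHA1 pasted by mistake
    return valid, rejected


def review_lists(safe_text: str, quarantine_text: str) -> dict:
    """Validate both lists and report hashes that are allowed and quarantined."""
    safe, bad_safe = parse_hash_list(safe_text)
    quarantine, bad_quarantine = parse_hash_list(quarantine_text)
    return {
        "safe": safe,
        "quarantine": quarantine,
        "rejected": bad_safe + bad_quarantine,
        "conflicts": sorted(set(safe) & set(quarantine)),
    }


if __name__ == "__main__":
    sample_pe = b"MZ" + b"\x00" * 62            # constructed stand-in for a PE file
    digest = pe_sha256(sample_pe)
    md5_by_mistake = "d41d8cd98f00b204e9800998ecf8427e"   # 32 hex chars, not SHA256
    print(review_lists(f"{digest}, {md5_by_mistake}", digest.lower()))
```

A non-empty `conflicts` list means the same file is both force-allowed and force-quarantined and should be resolved before the policy is committed.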
Agent Settings
Suppress Popup Notifications
Not Selected
Selected
Not Selected
If Selected, popup notifications for Advanced Threat Prevention events do not display on the client computer.
Minimum Popup Notification Level
High
High
Medium
Low
Severity level of events that result in popup notifications that display on the client computer.
A setting of High allows only notifications of critical events to display. A setting of Low displays all on-screen notifications for all events. Listed below are examples of events that fall into the severity levels:
High
1) Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
2) A threat is detected and policy is not set to automatically address the threat.
Medium
1) Execution Control blocked a process from starting because it was detected as a threat.
2) A threat is detected that has an associated mitigation (for example, the threat was manually quarantined), so the process has been terminated.
3) A process was blocked or terminated due to a memory violation.
4) A memory violation was detected and no automatic mitigation policy is in effect for that violation type.
Low
1) A file that was identified as a threat has been added to the Global Safe List or deleted from the file system.
2) A threat has been detected and automatically