Reference Guide
Security Management Server v10.2.11 AdminHelp
Waive String
String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the Endpoint Group or on the specific Endpoint. This policy will force allow files based on a SHA256 hash of the specific portable executable.
Global Allow String
String
This policy defines a change to the local math model to prevent problematic portable executables to properly run on the machine. This is used in situations where normal exclusions may not properly apply to the files that need to be waived. The value of this policy will consist of an XML blob that can be provided by support if it is required.
The value of this policy must include the entire contents of the policy.xml file. Copy and paste the contents of policy.xml into the policy editor as shown in this example.
Global Quarantine List
String
String
The value of this policy includes a collection of hashes for portable executables that need to be automatically quarantined within the enterprise. This policy will force quarantine files based on a SHA256 hash of the specific portable executable.
Global Safe List
String
String
The value of this policy includes a collection of hashes for portable executables that need to be allowed to run within the enterprise. This policy will force allow files based on a SHA256 hash of the specific portable executable.
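Added example, not part of the AdminHelp guide or of the product: a pre-submission check for the hash lists described above. It computes the SHA256 of a file only if the bytes are a portable executable, rejects entries that are not 64-hex-digit SHA256 values, and reports any hash that appears in both the safe and quarantine lists. The function names, the upper-case normalisation and the sample bytes are assumptions made for this example; the guide does not specify the list format.

```python
import hashlib
import re
import struct

SHA256_HEX = re.compile(r"[0-9A-F]{64}")

def is_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def sha256_of_pe(data: bytes) -> str:
    """SHA256 of the whole file, refused if the bytes are not a PE image."""
    if not is_pe(data):
        raise ValueError("not a portable executable")
    return hashlib.sha256(data).hexdigest().upper()

def review_lists(safe_entries, quarantine_entries):
    """Return (safe, quarantine, malformed, conflicts) after normalising."""
    malformed = []

    def clean(entries):
        kept = []
        for entry in entries:
            value = entry.strip().upper()  # assumption: case is not significant
            if not SHA256_HEX.fullmatch(value):
                malformed.append(entry)    # e.g. an MD5 or SHA1 pasted by mistake
            elif value not in kept:
                kept.append(value)         # drop duplicates, keep order
        return kept

    safe, quarantine = clean(safe_entries), clean(quarantine_entries)
    conflicts = sorted(set(safe) & set(quarantine))  # allowed and quarantined
    return safe, quarantine, malformed, conflicts

def make_stub() -> bytes:
    """Constructed sample input: the smallest byte string is_pe() accepts."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20

if __name__ == "__main__":
    h = sha256_of_pe(make_stub())
    print(review_lists([h, h.lower(), "d41d8cd98f00b204e9800998ecf8427e"], [h]))
```

Because a safe-list entry force allows the file, resolve every reported conflict and malformed entry before pasting the list into the policy editor.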
Agent Settings
Suppress Popup Notifications
Not Selected
Selected
Not Selected
If Selected, popup notifications for Advanced Threat Prevention events do not display on the client computer.
Minimum Popup Notification Level
High
High
Medium
Low
Severity level of events that result in popup notifications that display on the client computer.
A setting of High allows only notifications of critical events to display. A setting of Low displays all on-screen notifications for all events. Listed below are examples of events that fall into the severity levels:
High
1) Protection status has changed. (Protected means that the Advanced Threat Prevention service is running and protecting the computer and needs no user or administrator interaction.)
2) A threat is detected and policy is not set to automatically address the threat.
Medium
1) Execution Control blocked a process from starting because it was detected as a threat.
2) A threat is detected that has an associated mitigation (for example, the threat was manually quarantined), so the process has been terminated.
3) A process was blocked or terminated due to a memory violation.
4) A memory violation was detected and no automatic mitigation policy is in effect for that violation type.
Low
1) A file that was identified as a threat has been added to the Global Safe List or deleted from the file system.
2) A threat has been detected and automatically