Administrator Guide

Agents - Provides information about devices running the Advanced Threat Prevention client as well as the option to export
the information or remove devices from the list.
Global List - Lists files in the Global Quarantine and Safe List and provides the option to move files to these lists.
Options - Provides a way to integrate with Security Information and Event Management (SIEM).
Certificate - Allows certificate upload. After upload, certificates display on the Global List tab and can be Safe listed.
Tables on the tabs can be organized in these ways:
Add or remove columns from the table - Click the arrow next to any column header, select Columns, then select the
columns to display. Clear the check box of columns to hide.
Sort the data - Click a column header.
Group by a column - Drag the column header up until it turns green.
Advanced Threat Events tab
The Advanced Threat Events tab displays information about events for the entire enterprise based on information available in
the Dell Server.
The tab displays if the Advanced Threat Prevention service is provisioned and licenses are available.
To export data from the Advanced Threat Events tab, click Export and select Excel or CSV file format.
NOTE: Excel files are limited to 65,000 rows. CSV has no size limit.
Cylance Score and Threat Model Updates
A Cylance score is assigned to each file that is deemed Abnormal or Unsafe. The score represents the confidence level that the
file is malware. The higher the number, the greater the confidence.
The predictive threat model used to protect devices receives periodic updates to improve detection rates.
Two columns on the Protection page in the Management Console show how a new threat model affects your organization.
Display and compare the Production Status and New Status columns to see which files on devices might be impacted by a
model change.
To view the Production Status and New Status columns:
1. In the left pane, click Populations > Enterprise.
2. Select the Advanced Threats tab.
3. Click the Protection tab.
4. Click the down-arrow on a column header in the table.
5. Hover over Columns.
6. Select the Production Status and New Status columns.
Production Status - Current model status (Safe, Abnormal or Unsafe) for the file.
New Status - Model status for the file in the new model.
For example, a file that was considered Safe in the current model might change to Unsafe in the new model. If your organization
needs that file, you can add it to the Safe list. A file that has never been seen or scored by the current model might be
considered Unsafe by the new model. If your organization needs that file, you can add it to the Safe list.
Only files that are found on devices in your organization and that have a change in their Cylance Score are displayed. Some files
might have a Score change but still remain within their current Status. For example, if the Cylance Score for a file goes from 10 to
20, the file status may remain Abnormal and the file displays in the updated model list (if this file exists on devices in your
organization).
Compare Current Model with New Model
You can now review differences between the current model and the new model.
The two scenarios you should be aware of are:
Production Status = Safe, New Status = Abnormal or Unsafe
Your Organization considers the file as Safe
Your Organization has Abnormal and/or Unsafe set to Auto-Quarantine
In the above scenarios, the recommendation is to add the files to the Safe list so that they are allowed in your organization.
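
The comparison described above can also be done offline once the Production Status and New Status values are in a spreadsheet. The following is an added example, not part of the Dell guide or the product: it assumes the rows are available as CSV with the hypothetical column names File Name, Production Status and New Status, and that the set of statuses configured for Auto-Quarantine is supplied by the administrator. The sample rows are constructed.

```python
import csv
import io

FLAGGED = {"Abnormal", "Unsafe"}

# Constructed sample data. The CSV layout and column names are assumptions
# for this example, not the console's actual export format.
SAMPLE_CSV = """File Name,Production Status,New Status
backup_agent.exe,Safe,Unsafe
report_tool.exe,Abnormal,Abnormal
legacy_driver.sys,,Unsafe
updater.exe,Safe,Abnormal
old_sample.exe,Unsafe,Safe
"""

def classify(production, new):
    """Map a (Production Status, New Status) pair to a model-change case."""
    if production == new:
        return "score-change-only"    # score moved, status stayed the same
    if new in FLAGGED and production == "Safe":
        return "safe-to-flagged"      # Safe today, Abnormal/Unsafe in the new model
    if new in FLAGGED and production == "":
        return "unscored-to-flagged"  # never seen or scored by the current model
    return "other-change"

def triage(csv_text, auto_quarantine):
    """Return one finding per row. auto_quarantine is the set of statuses
    that the organization's policy quarantines automatically."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        production = (row["Production Status"] or "").strip()
        new = (row["New Status"] or "").strip()
        case = classify(production, new)
        # A file needs a Safe list decision before the model change only if
        # it becomes flagged AND policy would act on the new status by itself.
        needs_review = (case in ("safe-to-flagged", "unscored-to-flagged")
                        and new in auto_quarantine)
        findings.append({"file": row["File Name"].strip(), "case": case,
                         "review_for_safe_list": needs_review})
    return findings

def review_queue(csv_text, auto_quarantine):
    """Names of files an administrator should evaluate for the Safe list."""
    return [f["file"] for f in triage(csv_text, auto_quarantine)
            if f["review_for_safe_list"]]

if __name__ == "__main__":
    for finding in triage(SAMPLE_CSV, auto_quarantine={"Unsafe"}):
        print(finding)
```

The script only builds the review queue; whether a listed file is one your organization needs is still a decision for the administrator.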
Identify Classifications
To identify classifications that could impact your organization, Dell recommends the following approach:
1. Apply a filter to the New Status column to display all Unsafe, Abnormal, and Quarantined files.