Reference Guide

Security Management Server Virtual v10.2.11 AdminHelp
Waive
String
String
The value of this policy includes a collection of hashes
for portable executables that need to be allowed to run
within the Endpoint Group or on the specific Endpoint.
This policy will force allow files based on a SHA256 hash
of the specific portable executable.
Global Allow
String
String
This policy defines a change to the local math model to prevent problematic
portable executable to properly run on the machine. This is used in situations
where normal exclusions may not properly apply to the files that need
to be waived. The value of this policy will consist of an XML blob that can be
provided by support if it is required.
The value of this policy must include the entire contents
of the policy.xml file. Copy and paste the contents of
policy.xml into the policy editor as shown in
this example.
Global Quarantine List
String
String
The value of this policy includes a collection of hashes
for portable executables that need to be automatically
quarantined within the enterprise. This policy will force
quarantine files based on a SHA256 hash of the specific
portable executable.
Global Safe List
String
String
The value of this policy includes a collection of hashes for portable executables
that need to be allowed to run within the enterprise. This policy will force
allow files based on a SHA256
hash of the specific portable executable.
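Added example (not part of this guide): a pre-check an administrator could run before pasting values into the Global Safe List or Global Quarantine List. It confirms a file is a portable executable, computes its SHA256, and flags list entries that are not SHA256 hashes or that appear in both lists. The function names, the sample bytes, and the delimiters accepted between hashes (whitespace, comma, semicolon) are assumptions; this page does not state the list format the policy editor expects.

```python
import hashlib
import re
import struct

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")

# Constructed sample: minimal MZ stub whose e_lfanew (offset 0x3C) points at "PE\0\0".
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20

def is_pe(data: bytes) -> bool:
    """Check the MZ magic and the PE signature that e_lfanew points to."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def pe_sha256(data: bytes) -> str:
    """SHA256 of the whole file, refused for anything that is not a PE."""
    if not is_pe(data):
        raise ValueError("not a portable executable")
    return hashlib.sha256(data).hexdigest()

def parse_hash_list(text: str):
    """Return (valid lowercase hashes, rejected tokens). Delimiters are an assumption."""
    valid, rejected = set(), []
    for token in re.split(r"[\s,;]+", text.strip()):
        if SHA256_RE.fullmatch(token):
            valid.add(token.lower())
        elif token:
            rejected.append(token)
    return valid, rejected

def review(safe_text: str, quarantine_text: str) -> dict:
    """Flag hashes present in both lists and tokens that are not SHA256."""
    safe, bad_safe = parse_hash_list(safe_text)
    quarantine, bad_quarantine = parse_hash_list(quarantine_text)
    return {"conflicts": sorted(safe & quarantine),
            "rejected": bad_safe + bad_quarantine}

if __name__ == "__main__":
    digest = pe_sha256(SAMPLE_PE)
    # Constructed lists: the second safe-list token is MD5-length, not SHA256.
    safe = digest + "\nd41d8cd98f00b204e9800998ecf8427e"
    print(review(safe, digest.upper()))
```

A non-empty "conflicts" result means the same hash is set to be both force allowed and force quarantined, which should be resolved before the policy is committed.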
Agent Settings
Suppress Popup Notifications
Not Selected
Selected
Not Selected
If Selected, popup notifications for Advanced Threat
Prevention events do not display on the client computer.
Minimum Popup Notification Level
High
High
Medium
Low
Severity level of events that result in popup
notifications that display on the client computer.
A setting of High allows only notifications of critical
events to display. A setting of Low displays all on-screen
notifications for all events. Listed below are examples of
events that fall into the severity levels:
High
1) Protection status has changed. (Protected means that
the Advanced Threat Prevention service is running and
protecting the computer and needs no user or administrator
interaction.)
2) A threat is detected and policy is not set to
automatically address the threat.
Medium
1) Execution Control blocked a process from starting
because it was detected as a threat.
2) A threat is detected that has an associated mitigation
(for example, the threat was manually quarantined), so the
process has been terminated.
3) A process was blocked or terminated due to a memory
violation.
4) A memory violation was detected and no automatic
mitigation policy is in effect for that violation type.
Low
1) A file that was identified as a threat has been added
to the Global Safe List or deleted from the file system.
2) A threat has been detected and automatically