Reference Guide

ManualsBrandsDell ManualsConverged InfrastructureEndpoint Security Suite Pro

251

252

253

254

255

256

257

258

259

260

Manage Policies

244

<exclusionlisthash_secondary>rT..A==</exclusionlisthash_secondary>

</exclusion_list>

Threat Protection Policy Overview

Threat Protection policies are divided into the following categories:

• Threat Protection

• Client Firewall

• Web Protection

When you set the Threat Protection policy to Selected, you can then set policies for these client options:

• Actions to take when malicious activity is identified (Block, Report, Block and Report)

Policies allow you to set the action to take when users attempt to modify or delete Threat

Protection system files, registry keys, and processes. The default setting for these policies is

Block and Report: Action on Malicious Activity for Files and Folders, Action on Malicious

Activity for Registry, and Action on Malicious Activity for Processes.

• Exclusion of specified processes from Threat Protection scans

• Logging locations and debug/verbose logging of certain activities

Activity logging is enabled by default. Debug logging is disabled by default.

• Client update scheduling

Client updates ensure that client computers are always protected from the latest threats

through content files that include definitions of threats such as viruses and spyware, that are

used to detect threats. The Client Update Schedule policy is selected (Enabled) by default.

The Client Update Schedule Repeats policy, which determines the frequency of client

updates, is set to Daily by default.

The following policies represent the different types of scans included in Threat Protection:

On-Access Protection – When a user accesses files, folders, and programs, the on-access scanner intercepts

the operation and scans the item. Default: Selected (Enabled).

On-Demand Protection - Full Scan – Based on a schedule set in policy, the on-demand scanner runs a

thorough check of all areas of the computer. Default: Selected (Enabled).

By default, every time Full Scan runs, it scans the following for threats:

• Computer memory for installed rootkits, hidden processes, and other behavior that suggests

malware is attempting to hide itself. This scan occurs before all other scans.

• Memory of all running processes.

• All drives on the computer and their subfolders.

By default, the scanner scans all file types, regardless of extension.

On-Demand Protection - Quick Scan – Based on a schedule set in policy, the on-demand scanner runs a quick

check of areas of the computer that are most susceptible to threats. Default: Selected (Enabled).

By default, every time Quick Scan runs, it scans the following for threats: