Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products

What is Dell Threat Defense?

Summary: Dell Threat Defense is a Software as a Service (SaaS) solution that uses Cylance’s advanced threat prevention to manage malware before it can affect a host.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Note:

This guide gives a brief description on the functions and features of Dell Threat Defense.


Affected Products:

Dell Threat Defense

Affected Operating Systems:

Windows
Mac


Cause

Not applicable.

Resolution

The following are common questions that are asked about Dell Threat Defense:

Note: Some questions may redirect you to a different page due to the complexity and length of the answer.

Dell Threat Defense is an advanced threat prevention program that is installed on either Windows (desktop or server) or Mac (desktop) platforms. These platforms rely on a web console to manage threats, reporting, policies, and upgrades.
Web console communication

Dell Threat Defense can work online or offline as it analyzes files by:

Initial Scan: Dell Threat Defense on activation performs an initial scan against all active processes and files.

File Hash Lookup: Dell Threat Defense checks if the file signature (known as a hash) was previously identified as a threat.

Once the initial scan is complete, it provides continuous protection through:

Process Scan: Dell Threat Defense performs a scan on processes running and configured for auto start.

Execution Control: Dell Threat Defense analyzes files on execution.

Analyzed files are identified as threats by:

Local Threat Score: Dell Threat Defense uses a mathematical model to apply a score to files and processes that are determined to be a potential threat.

Global Threat Score: The local threat score is sent up to the web console and compared globally to all other Cylance environments.

Dell Threat Defense uses this score to determine the correct actions to take against files that are identified as a threat. Depending on policies, threats are handled in two ways:

Flagged: Files are identified as either unsafe or abnormal based on the local and global score. A Dell Threat Defense administrator can choose to:

  • Proactively/reactively quarantine identified threats from one or more endpoints.
  • Proactively/reactively safe-list files that are incorrectly identified as threats from one or more endpoints.

Auto-Quarantine: Files that are identified as either unsafe or abnormal are automatically quarantined. A Dell Threat Defense administrator can choose to retroactively safe-list files that are incorrectly identified as threats.

 
Note:
  • Files that are retroactively safe-listed are automatically removed from quarantine and placed back in their original location.
  • For more information about managing threats, reference the Protection section in How To Manage Dell Threat Defense.
Dell Threat Defense workflow

The system requirements for Dell Threat Defense depend on whether the endpoint is using Windows or Mac endpoints. For a complete listing on each platform's requirements, reference Dell Threat Defense System Requirements for more information.

Dell Threat Defense can be downloaded directly from the web console by a Dell Threat Defense administrator. More information can be found under the Device section in How to Download Dell Threat Defense.

 
Note: Dell Threat Defense is not available to download directly from support.dell.com, as the web console requires an active subscription for access.

The installation process for Dell Threat Defense varies between Windows and Mac platforms. For a complete walkthrough on both platforms, reference How to Install Dell Threat Defense.

On Mac OS X El Capitan (10.11.X) and later, System Integrity Protection (SIP) may need to be temporarily disabled. For more information, reference How to Disable System Integrity Protection for Dell Data Security / Dell Data Protection Mac Products.

On macOS High Sierra (10.13.X) and later, Dell Data Security kernel extensions may need to be approved. For more information, reference How to Allow Dell Data Security Kernel Extensions on macOS.

An administrator may get an invite error when attempting to log in to the Dell Threat Defense tenant if they let their invitation lapse by seven days.

To resolve this issue:

Contact ProSupport using Dell Data Security International Support Phone Numbers.

An installation token is required to install Dell Threat Defense. For a complete walkthrough, reference How to Obtain an Installation Token for Dell Threat Defense.

Dell Threat Defense uses a web console to manage threats, policies, updates, and reporting for all endpoints. For an overview on all the main features, reference How To Manage Dell Threat Defense.

Files are safe-listed in the administration console of Dell Threat Defense. For more information, reference How to Safe List Files in Dell Threat Defense.

Each environment's policy recommendations may vary depending on requirements. For testing and baseline purposes, reference Dell Threat Defense Policy Recommendations.

A secure hash algorithm (SHA)-256 may be used in Dell Threat Defense exclusions. For more information, reference How to Identify a File's SHA-256 Hash for Anti-Virus and Malware Prevention Applications.

The product version for Dell Threat Defense varies between Windows and Mac platforms. For a comprehensive walkthrough, reference How to Identify the Dell Threat Defense Version.

Endpoint statuses may be pulled from Windows and Mac endpoints for an in-depth review. For more information, reference How to Analyze Dell Endpoint Security Suite Enterprise and Threat Defense Endpoint Status.

The log collection process for Threat Defense varies between Windows and Mac platforms. For a comprehensive walkthrough, reference How to Collect Logs for Dell Threat Defense.

The uninstall process for Dell Threat Defense varies between Windows and Mac platforms. For a complete walkthrough on both platforms, reference How To Uninstall Dell Threat Defense.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

 

Videos

 

Affected Products

Dell Encryption, Dell Threat Defense
Article Properties
Article Number: 000129647
Article Type: Solution
Last Modified: 20 dec 2022
Version:  16
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.