This guide gives a brief description of the functions and features of Dell Threat Defense.
Affected Products:
Dell Threat Defense
Affected Operating Systems:
Windows
Mac
The following are common questions that are asked about Dell Threat Defense:
Dell Threat Defense is an advanced threat prevention program that is installed on either Windows (desktop or server) or Mac (desktop) platforms. These platforms rely on a web console to manage threats, reporting, policies, and upgrades.
Dell Threat Defense can work online or offline as it analyzes files by:
Initial Scan: On activation, Dell Threat Defense performs an initial scan of all active processes and files.
File Hash Lookup: Dell Threat Defense checks if the file signature (known as a hash) was previously identified as a threat.
Once the initial scan is complete, it provides continuous protection through:
Process Scan: Dell Threat Defense performs a scan on processes running and configured for auto start.
Execution Control: Dell Threat Defense analyzes files on execution.
Analyzed files are identified as threats by:
Local Threat Score: Dell Threat Defense uses a mathematical model to apply a score to files and processes that are determined to be a potential threat.
Global Threat Score: The local threat score is sent up to the web console and compared globally to all other Cylance environments.
Dell Threat Defense uses this score to determine the correct actions to take against files that are identified as a threat. Depending on policies, threats are handled in two ways:
Flagged: Files are identified as either unsafe or abnormal based on the local and global score. A Dell Threat Defense administrator can choose to:
Auto-Quarantine: Files that are identified as either unsafe or abnormal are automatically quarantined. A Dell Threat Defense administrator can choose to retroactively safe-list files that are incorrectly identified as threats.
The system requirements for Dell Threat Defense depend on whether the endpoint is running Windows or Mac. For a complete listing of each platform's requirements, reference Dell Threat Defense System Requirements.
For supported Windows 10 feature updates, reference Dell Data Security / Dell Data Protection Windows Version Compatibility.
Dell Threat Defense can be downloaded directly from the web console by a Dell Threat Defense administrator. More information can be found under the Device section in How to Download Dell Threat Defense.
The installation process for Dell Threat Defense varies between Windows and Mac platforms. For a complete walkthrough on both platforms, reference How to Install Dell Threat Defense.
On Mac OS X El Capitan (10.11.X) and later, System Integrity Protection (SIP) may need to be temporarily disabled. For more information, reference How to Disable System Integrity Protection for Dell Data Security / Dell Data Protection Mac Products.
On macOS High Sierra (10.13.X) and later, Dell Data Security kernel extensions may need to be approved. For more information, reference How to Allow Dell Data Security Kernel Extensions on macOS.
An administrator may get an invite error when attempting to log in to the Dell Threat Defense tenant if they let their invitation lapse by seven days.
To resolve this issue:
Contact ProSupport using Dell Data Security International Support Phone Numbers.
An installation token is required to install Dell Threat Defense. For a complete walkthrough, reference How to Obtain an Installation Token for Dell Threat Defense.
Dell Threat Defense uses a web console to manage threats, policies, updates, and reporting for all endpoints. For an overview of all the main features, reference How To Manage Dell Threat Defense.
Files are safe-listed in the administration console of Dell Threat Defense. For more information, reference How to Safe List Files in Dell Threat Defense.
Each environment's policy recommendations may vary depending on requirements. For testing and baseline purposes, reference Dell Threat Defense Policy Recommendations.
A Secure Hash Algorithm (SHA)-256 hash may be used in Dell Threat Defense exclusions. For more information, reference How to Identify a File's SHA-256 Hash for Anti-Virus and Malware Prevention Applications.
The product version for Dell Threat Defense varies between Windows and Mac platforms. For a comprehensive walkthrough, reference How to Identify the Dell Threat Defense Version.
Endpoint statuses may be pulled from Windows and Mac endpoints for an in-depth review. For more information, reference How to Analyze Dell Endpoint Security Suite Enterprise and Threat Defense Endpoint Status.
The log collection process for Threat Defense varies between Windows and Mac platforms. For a comprehensive walkthrough, reference How to Collect Logs for Dell Threat Defense.
The uninstall process for Dell Threat Defense varies between Windows and Mac platforms. For a complete walkthrough on both platforms, reference How To Uninstall Dell Threat Defense.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.