Passer au contenu principal
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Créez et accédez à une liste de vos produits
Certains numéros d’article ont peut-être changé. Si ce n’est pas ce que vous recherchez, essayez de faire une recherche sur tous les articles. Rechercher des articles

How to Modify Policies in Dell Threat Defense

Résumé: Policies for Dell Threat Defense may be changed by following these instructions.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Symptômes

Note:

This article covers how to modify policies for Dell Threat Defense.


Affected Products:

Dell Threat Defense


Cause

Not applicable.

Résolution

Dell Threat Defense uses policies to manage the advanced threat prevention (ATP) engine behavior on endpoints. It is important to modify the default policy or create a new policy before deploying Threat Defense.

Note: For more information about recommended policies and policy definitions, reference Dell Threat Defense Policy Recommendations.

To Modify Policy:

  1. From a web browser, go to the Dell Threat Defense administration console at:
  2. Log in to the Dell Threat Defense administration console.

Dell Threat Defense administration console

  1. In the console, click the Settings tab.

Settings

  1. Under Settings, click Device Policy.

Device Policy

  1. Click Add New Policy.

Add New Policy

Note: Dell recommends setting policies in a "Learning Mode" configuration to train Dell Threat Defense for the environment before switching to a "Protect Mode" configuration. For more information about recommended policies and policy definitions, reference Dell Threat Defense Policy Recommendations.
  1. Populate a Policy Name.

Policy Name

  1. Under File Type Executable check:
    • Auto Quarantine with Execution Control to automatically quarantine items marked unsafe.
    • Auto Quarantine with Execution Control to automatically quarantine items marked abnormal.

File Type Executable

  1. Enable auto-delete for quarantined files to auto-delete quarantined files after a minimum of 14 days, up to a maximum of 365 days.

Enable auto-delete for quarantined files

  1. Auto Upload to upload items marked unsafe to Cylance’s InfinityCloud to provide additional data to help with triage.

Auto Upload

Note: To help manage bandwidth usage, there is a 250MB upload limit per device each day. In addition, any threat file larger than 51 is not uploaded to the InfinityCloud for analysis.
  1. Under Policy Safe List, click Add File if any files must be safelisted from threat detection.

Policy Safe List

  1. Click the Protection Settings tab.

Protection Settings

  1. Check Prevent service shutdown from device to prohibit the ability to locally terminate Threat Defense service.

Prevent service shutdown from device

  1. Check Kill unsafe running processes and their sub processes to have Threat Defense automatically terminate any classified unsafe process.

Kill unsafe running processes and their sub processes

  1. Check Background Threat Detection to have Threat Defense automatically check executable files for dormant threats.

Background Threat Detection

  1. Check Watch For New Files to have Threat Defense check new or modified executable files for threats.

Watch For New Files

  1. Check Copy File Samples to have Threat Defense copy threats to a defined repository for research.

Copy File Samples

  1. Check the Agent Settings tab.

Agent Settings

  1. Check Enable auto-upload of log files to automatically upload device logs to Cylance Support.

Enable auto-upload of log files

  1. Check Enable Desktop Notifications to allow prompts on abnormal or unsafe files.

Enable Desktop Notifications

  1. Click the Script Control tab.

Script Control

  1. Check Script Control to enable monitoring of PowerShell and active scripts.
    • If Script Control is enabled, determine if Threat Defense should Alert or Block on detection.

Alert or Block

  • If Script Control is enabled, determine if Disable Script Control should be enabled.

Disabling Script Control

  1. Populate Folder Exclusions (includes subfolders) with the relative path of any folders to be excluded from Script Control.

Folder Exclusions (includes subfolders)

Note: For more information about relative pathing, reference Policy Definitions for Folder Exclusions (includes subfolders) in Dell Threat Defense Policy Recommendations.
  1. Once all settings have been configured, click Create.

Create

Note: Policies can be edited at any time by clicking their name within Device Policy. Any changes to policies are communicated to devices over data.cylance.com on port 443.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 

Informations supplémentaires

 

Vidéos

 

Produits concernés

Dell Threat Defense
Propriétés de l’article
Numéro d’article: 000126835
Type d’article: Solution
Dernière modification: 19 déc. 2022
Version:  8
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.