Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Certains numéros d’article ont peut-être changé. Si ce n’est pas ce que vous recherchez, essayez de faire une recherche sur tous les articles. Rechercher des articles

How Threats Are Managed in Dell Endpoint Security Suite Enterprise

Résumé: How Threats Are Managed by Dell Endpoint Security Suite Enterprise.

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Symptômes

Note:

Affected Products:

  • Dell Endpoint Security Suite Enterprise

The Advance Threat Protection Client component of Dell Endpoint Security Suite Enterprise uses three phases in threat mitigation:

  • Detection: How a threat is located.
  • Analysis: How a file is identified as a threat.
  • Remediation: How threats are handled
Note:

Cause

Not Applicable

Résolution

Detection Phase
Figure 1: (English Only) Detection Phase

File Hash: The Advanced Threat Protection client initially checks if the file checksum (known as a hash) was previously identified as a threat. The hash can be set to:

  • Safelist the file
  • Quarantine the file

If a hash is not available, then Advanced Threat Protection detects threats by:

  • Execution Control: Launched (run) files
  • Process Scan: Processes running and configured for auto-start
  • Memory Protection: Data in memory
  • Background Threat Detection: Advanced Threat Protection runs in the background and scans all.

If a threat is detected, then Advanced Threat Protection moves into the Analysis Phase.

Analysis Phase
Figure 2: (English Only) Analysis Phase

Once a threat has been detected, Advanced Threat Protection classifies:

If a threat was found during the detection phase, then a local threat score is assigned.

If the endpoint is connected and online, the hash value of the threat is sent to the cloud. If the cloud threat score differs from the local threat score, the cloud threat score is relayed to the endpoint, and the cloud threat score overwrites the local threat score.

Note: Global threat scores are chosen above local as it reflects the most up-to-date information about the file. If the auto-upload policy is enabled, and the hash of the threat is unknown to the cloud, then the threat is uploaded to the Cylance Tenant.

If the auto-upload policy is enabled, then the threat is uploaded to the Cylance Tenant.

Once a threat score is assigned, the data is given an unsafe or abnormal attribute and then Advanced Threat Protection moves into the Remediation Phase.

Remediation Phase
Figure 3: (English Only) Remediation Phase

Once a threat score and classification has been assigned, Advanced Threat Protection determines:

Should the threat be safe-listed? If so, the file hash is added to the endpoint and no further action is taken on the file.

If the threat is not safe-listed, then Advanced Threat Protection checks if the Auto Quarantined policy is enabled. If Auto Quarantine is enabled, then the threat is quarantined.

If auto quarantine is not enabled, then a check is done to determine if the file has been manually set to quarantine by the DDP Administrator. If the threat is set for quarantine, then file hash is added to endpoint's local database and then the file is quarantined.

If the threat is not safe-listed or quarantined, then an alert is sent to the console for DDP Administration visibility and potential action.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 

Produits concernés

Dell Endpoint Security Suite Enterprise
Propriétés de l’article
Numéro d’article: 000126777
Type d’article: Solution
Dernière modification: 14 Nov 2023
Version:  9
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.