How to Modify Policies in Dell Threat Defense

This article covers how to modify policies for Dell Threat Defense.

Affected Products:

Dell Threat Defense

Not applicable.

Dell Threat Defense uses policies to manage the advanced threat prevention (ATP) engine behavior on endpoints. It is important to modify the default policy or create a new policy before deploying Threat Defense.

To Modify Policy:

1. From a web browser, go to the Dell Threat Defense administration console at:
   • North America: https://dellthreatdefense.cylance.com/Login
   • Europe: https://dellthreatdefense-eu.cylance.com
   • Asia Pacific: https://dellthreatdefense-au.cylance.com
2. Log in to the Dell Threat Defense administration console.

3. In the console, click the Settings tab.

4. Under Settings, click Device Policy.

5. Click Add New Policy.

6. Populate a Policy Name.

7. Under File Type Executable check:
   • Auto Quarantine with Execution Control to automatically quarantine items marked unsafe.
   • Auto Quarantine with Execution Control to automatically quarantine items marked abnormal.

8. Enable auto-delete for quarantined files to auto-delete quarantined files after a minimum of 14 days, up to a maximum of 365 days.

9. Auto Upload to upload items marked unsafe to Cylance’s InfinityCloud to provide additional data to help with triage.

10. Under Policy Safe List, click Add File if any files must be safelisted from threat detection.

11. Click the Protection Settings tab.

12. Check Prevent service shutdown from device to prohibit the ability to locally terminate Threat Defense service.

13. Check Kill unsafe running processes and their sub processes to have Threat Defense automatically terminate any classified unsafe process.

14. Check Background Threat Detection to have Threat Defense automatically check executable files for dormant threats.

15. Check Watch For New Files to have Threat Defense check new or modified executable files for threats.

16. Check Copy File Samples to have Threat Defense copy threats to a defined repository for research.

17. Check the Agent Settings tab.

18. Check Enable auto-upload of log files to automatically upload device logs to Cylance Support.

19. Check Enable Desktop Notifications to allow prompts on abnormal or unsafe files.

20. Click the Script Control tab.

21. Check Script Control to enable monitoring of PowerShell and active scripts.
    • If Script Control is enabled, determine if Threat Defense should Alert or Block on detection.

• If Script Control is enabled, determine if Disable Script Control should be enabled.

22. Populate Folder Exclusions (includes subfolders) with the relative path of any folders to be excluded from Script Control.

23. Once all settings have been configured, click Create.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.