The advanced protection lets you establish different security modes to block unknown malware and protect your computers against APTs (advanced persistent threats).
In audit mode, Adaptive Defense 360 only reports on detected threats but doesn’t block or disinfect the malware detected.
This mode allows execution of the unknown programs already installed on users' computers. However, unknown programs coming from external sources (Internet, email, etc.) will be blocked until they are classified. Programs classified as malware will be moved to quarantine. The following options are available:
Do not report blocking to the computer user: The agent won't display any notifications when blocking an unknown program coming from the Internet.
Report blocking to the computer user: Adaptive Defense 360 will display a message on the user's computer every time a program is blocked.
This mode prevents all unknown programs from running until they are classified. The following options are available:
Do not report blocking to the computer user
Report blocking to the computer user: Users will see a message whenever an item is blocked, explaining why it was blocked.
Report blocking and give the computer user the option to run the item: Displays a message for 1 minute allowing users to run the detected item under their own responsibility. These exclusions are permanent until the administrator changes the configuration from the Web console.
The anti-exploit protection prevents malicious programs from exploiting known and unknown (zero-day) vulnerabilities in applications to access computers on the corporate network.
Refer to section Anti-exploit technology for more information about this protection.
To enable it, select the Detect exploits checkbox.
Next, select the operating mode of the protection.
The protection tracks exploits' activities but doesn't take any action or display any information to the computer user upon detection.
Adaptive Defense 360 will monitor exploits and log exploit detections in the Web console, indicating that the exploit was allowed by the administrator.
The protection will block every exploit it detects. In some cases it may be necessary to end the compromised process or restart the computer.
Select the relevant checkboxes if you want to notify end users every time an exploit is blocked, and if you want to ask users for permission to end a compromised process or restart their computer.
Refer to section Actions on exploits for more information.
These settings affect both the antivirus protection and the advanced protection.
This section allows you to configure items on your computers that will not be scanned by Adaptive Defense 360.
Allows you to specify file extensions that won't be scanned.
Allows you to specify folders whose contents won't be scanned.
Allows you to indicate specific files that won't be scanned.
Every executable file found on users’ computers that is not recognized by Adaptive Defense 360 will be sent by the agent to our server for analysis. This feature is configured so that it has no impact on the performance of the customer’s network (by default, each agent can transfer a maximum of 50 MB per hour).
Unknown files are sent only once for all customers using Adaptive Defense 360. Additionally, bandwidth management mechanisms are implemented in order to minimize the impact on the customer’s network.
To configure the maximum number of MB that an agent can send per hour, enter the relevant value and click OK. To establish unlimited transfers, set the value to 0.
To allow Adaptive Defense 360 to display in the console (reports and forensic analysis tools) the full name and path of the files sent for analysis, select the relevant checkbox in the Privacy tab.