Policy Mode Options

The mitigation settings in the Policy mode options define the Agent behavior for: 

  • Malicious Threat - The Agent AI is very confident that the threat is malicious, based on the SW EDR detection engines.
  • Suspicious Threat - The Agent AI found traits that are suspicious, but not enough to mark it as malicious, based on the SW EDR detection engines.

Policy Modes

| Policy Mode Options | Setting | Description |
|---|---|---|
| Malicious Threats | Protect | Automatically kills and quarantines malware. Sends Mitigated Threat alerts (recommended). |
| Malicious Threats | Detect | Does not automatically mitigate threats. Sends Not Mitigated Threat alerts. Note: No execution is blocked when in Detect mode. |
| Suspicious Threat | Protect | Automatically kills and quarantines malware. Sends Mitigated Threat alerts. |
| Suspicious Threat | Detect | Does not automatically mitigate threats. Sends Not Mitigated Threat alerts. |

In Detect - Alert Only mode, besides sending active threat and suspicious activity alerts, the Windows Agent also:

  • Protects VSS snapshots that were created by the Agent from being deleted
  • Blocks Mimikatz from reading the memory of lsass.exe
  • Protects the master boot record (MBR) and the volume boot record (VBR) from being modified
  • Enforces anti-tampering
  • Prevents the endpoint from entering Safe Mode when not triggered by the user from the Windows GUI