Policy More Options

Containment

Auto-immune for verified threats

Always On

Adds known hashes to the blacklist for all Sites that encounter them

This is always On and cannot be turned Off

Disconnect from Network

 

On

Automatically blocks network connections from an infected endpoint to make sure that the malware does not spread. The connection between the Agent and Management stays active. Also called Network Quarantine.
Note: From version 2.7, when Disconnect from network is enabled in the policy, endpoints are only disconnected if a threat is found after the threat is executed. Endpoints are not disconnected if a threat is detected pre-execution (by the Reputation or DFI engines) because the threat is not active.
Off  Infected endpoints are not automatically disconnected from the network. You can disconnect them manually. 

 

Advanced

Agent notification on suspicious

 

On

An alert opens on the endpoint computer for each threat or suspicious activity.

Off

Alerts do not open on endpoint computers for detections.

Auto Decommission after X days offline

 

On

Removes Agents from the Management Console if there is no communication with an Agent. The Management automatically recommissions the Agent after it starts to communicate again.

Days Offline

Click the number to change the number of days  before an offline Agent is decommissioned.

 

Agent Configuration Settings 

Use these options to configure Agent behavior on installation. 

Setting Description
Scan new Agent Agents run a Full Disk Scan when they first connect to the Management.
Agent UI Show the Agent tray icon, application, and alerts on endpoints. If disabled, end-users see no trace of the Agent.
Logging Save logs for troubleshooting and Support. Best practice is to leave this on.
Anti Tamper Do not allow end-users or malware to change, uninstall, or disable the Agent. Best practice is to leave this on.
Snapshots Keep VSS snapshots for rollback. If disabled, rollback is not available. Best practice is to leave this on. 

 

Remote Shell

You can enable Remote Shell capabilities for Agents that get this policy, however this functionality is not active in the EDR integration. NO Remote Shell connection is possible in the EDRIntegration.

Instead use the RMM Remote Background Management functionality