Policy More Options


Auto-immune for verified threats

Always On

Adds known hashes to the blacklist for all Sites that encounter them

This is always On and cannot be turned Off

Disconnect from Network



Automatically blocks network connections from an infected endpoint to make sure that the malware does not spread. The connection between the Agent and Management stays active. Also called Network Quarantine.
Note: From version 2.7, when Disconnect from network is enabled in the policy, endpoints are only disconnected if a threat is found after the threat is executed. Endpoints are not disconnected if a threat is detected pre-execution (by the Reputation or DFI engines) because the threat is not active.
Off  Infected endpoints are not automatically disconnected from the network. You can disconnect them manually. 



Agent notification on suspicious



An alert opens on the endpoint computer for each threat or suspicious activity.


Alerts do not open on endpoint computers for detections.

Auto Decommission after X days offline



Removes Agents from the Management Console if there is no communication with an Agent. The Management automatically recommissions the Agent after it starts to communicate again.

Days Offline

Click the number to change the number of days  before an offline Agent is decommissioned.


Agent Configuration Settings 

Use these options to configure Agent behavior on installation. 

Setting Description
Scan new Agent Agents run a Full Disk Scan when they first connect to the Management.
Agent UI Show the Agent tray icon, application, and alerts on endpoints. If disabled, end-users see no trace of the Agent.
Logging Save logs for troubleshooting and Support. Best practice is to leave this on.
Anti Tamper Do not allow end-users or malware to change, uninstall, or disable the Agent. Best practice is to leave this on.
Snapshots Keep VSS snapshots for rollback. If disabled, rollback is not available. Best practice is to leave this on. 


Remote Shell

You can enable Remote Shell capabilities for Agents that get this policy, however this functionality is not active in the EDR integration. NO Remote Shell connection is possible in the EDRIntegration.

Instead use the RMM Remote Background Management functionality