Known threats: Blocks behaviors associated with known malware threats
Known and potential threats: Blocks behaviors associated with known threats and takes action on behavior that is potentially malicious
Protect documents against unauthorized encryption or modification: Stops potential ransomware threats from encrypting or modifying the contents of documents
Automatically back up and restore files changed by suspicious programs: Creates backup copies of files being encrypted on endpoints to prevent any loss of data if OfficeScan detects a ransomware threat
Automatic file backup requires at least 100 MB of disk space on the agent endpoint and only backs up files that are less than 10 MB in size.
Block processes commonly associated with ransomware: Blocks processes associated with known ransomware threats before any encryption or modification of documents can occur
Enable program inspection to detect and block compromised executable files: Program inspection monitors processes and performs API hooking to determine if a program is behaving in an unexpected manner. Although this procedure increases the overall detection ratio of compromised executable files, it may result in decreased system performance.
Program inspection provides increased security if you select Known and potential threats in the Threats to block drop-down.
For details, see Ransomware Protection.
Anti-exploit Protection requires that you select Enable program inspection to detect and block compromised executable files.
For details, see Anti-Exploit Protection.
For information about monitored system events and actions, see Event Monitoring.
OfficeScan accepts a maximum combined total of 1024 approved programs and blocked programs.
Apply to All Agents: Applies settings to all existing agents and to any new agent added to an existing/future domain. Future domains are domains not yet created at the time you configured the settings.
Apply to Future Domains Only: Applies settings only to agents added to future domains. This option will not apply settings to new agents added to an existing domain.