Setting | Description |
---|---|
USB Malware Protection
|
USB Malware Protection prevents automated threats on USB or remote drives from infecting
the
endpoint. Just viewing the contents of the drive may be enough to pass along an infection.
Enable this feature to prevent files on USB devices from automatically infecting the
endpoint.
|
Network Virus Protection
|
Network Virus Protection scans incoming and outgoing network traffic, blocking threats
from infected computers or other devices on the network.
Enable this feature to prevent threats on the network from infecting the endpoint.
|
Setting | Description | ||
---|---|---|---|
Memory Randomization
|
Address Space Layout Randomization helps prevent shellcode injection by randomly assigning
memory locations for important functions, forcing an attacker to guess the memory
location of specific processes.
Enable this feature on older operating systems such as Windows XP or Windows Server
2003, which may lack or offer limited Address Space Layout Randomization (ASLR) support.
|
||
DLL Injection Prevention
|
DLL Injection Prevention detects and blocks API call behaviors used by malicious software.
Blocking these threats helps prevent malicious processes from running.
Never disable this feature except in troubleshooting situations since it protects
the system from a wide variety of serious threats.
|
||
API Hooking Prevention
|
API Hooking Prevention detects and blocks malicious software that tries to intercept
and alter messages used in critical processes within the operating system.
Never disable this feature except in troubleshooting situations since it protects
the system from a wide variety of serious threats.
|
Setting | Description |
---|---|
DLL/Driver Lockdown
|
DLL/Driver Lockdown prevents unapproved DLLs or drivers from being loaded into the
memory of protected endpoints.
|
Script Lockdown
|
Script Lockdown prevents unapproved script files from being run on protected endpoints.
|
Write Protection
|
Write Protection prevents write access to objects (files, folders, and registry entries)
in the Write Protection List and optionally prevents write access to files in the
Approved List.
|
Setting | Description |
---|---|
Integrity Monitoring
|
Integrity Monitoring logs events related to file changes system-wide for files, folders,
and the registry.
|