About Feature Settings Parent topic

Safe Lock offers the following protection features.
tmsl_settings.png

Safe Lock settings screen

Intrusion Prevention

Setting Description
USB Malware Protection
USB Malware Protection prevents automated threats on USB or remote drives from infecting the endpoint. Just viewing the contents of the drive may be enough to pass along an infection.
Enable this feature to prevent files on USB devices from automatically infecting the endpoint.
Network Virus Protection
Network Virus Protection scans incoming and outgoing network traffic, blocking threats from infected computers or other devices on the network.
Enable this feature to prevent threats on the network from infecting the endpoint.

Execution Prevention

Setting Description
Memory Randomization
Address Space Layout Randomization helps prevent shellcode injection by randomly assigning memory locations for important functions, forcing an attacker to guess the memory location of specific processes.
Enable this feature on older operating systems such as Windows XP or Windows Server 2003, which may lack or offer limited Address Space Layout Randomization (ASLR) support.
Note
Note
The endpoint must be restarted to enable or disable Memory Randomization.
DLL Injection Prevention
DLL Injection Prevention detects and blocks API call behaviors used by malicious software. Blocking these threats helps prevent malicious processes from running.
Never disable this feature except in troubleshooting situations since it protects the system from a wide variety of serious threats.
API Hooking Prevention
API Hooking Prevention detects and blocks malicious software that tries to intercept and alter messages used in critical processes within the operating system.
Never disable this feature except in troubleshooting situations since it protects the system from a wide variety of serious threats.

Application Lockdown

Setting Description
DLL/Driver Lockdown
DLL/Driver Lockdown prevents unapproved DLLs or drivers from being loaded into the memory of protected endpoints.
Script Lockdown
Script Lockdown prevents unapproved script files from being run on protected endpoints.
Write Protection
Write Protection prevents write access to objects (files, folders, and registry entries) in the Write Protection List and optionally prevents write access to files in the Approved List.

Other

Setting Description
Integrity Monitoring
Integrity Monitoring logs events related to file changes system-wide for files, folders, and the registry.
Related information