Security feature mapping
Feature name
|
Standard Endpoint Protection module
|
Server & Workload Protection module
|
Endpoint Sensor feature
|
Anti-Malware
|
Manual scans and Scan now are part of the Anti-Malware features. Access to Manual
scans and Scan now is configured in Agent Interface settings.
|
Manual scans are part of the Anti-Malware features. Access to Manual scans is configured
in Agent Interface settings.
|
-
|
Web Reputation
|
Web Reputation
|
Web Reputation
|
-
|
Intrusion Prevension
|
Vulnerability Protection
|
Intrusion Prevention
|
-
|
Application Control
|
Application Control
|
Application Control
|
-
|
Device Control
|
Device Control
|
Device Control
|
-
|
Firewall
|
Agent Configurations > Additional Service Settings > Firewall Service
|
Firewall
|
-
|
Advanced Risk Telemetry
|
-
|
-
|
Advanced risk telemetry
|
Endpoint Sensor
|
-
|
-
|
Endpoint sensor detection and resposne
|
Sandbox Submission
|
Sample Submission
|
-
|
-
|
Exclusions
|
Windows policies:
macOS policies:
|
Exclusions
|
-
|
Browser Extension
|
-
|
-
|
Browser extension feature in Endpoint detection and response
|
Agent Interface
|
Agent Configurations > Privileges and Other Settings
|
(Policy/Computer) > Settings
|
Agent console
|
Some features are currently unsupported. Support for these features is under development.
Unsupported features
Protection Manager
|
Feature
|
Notes
|
Standard Endpoint Protection
|
Network Content Inspection Engine for Standard Endpoint Protection
|
Enrolling in Endpoint Security Policies enables the Network Content Inspection Engine
by default, but cannot be configured.
Support for configuring the feature is coming soon.
|
Spyware/Grayware Approved List
|
||
Data Loss Prevention
|
Enrolling in Endpoint Security Policies disables Data Loss Prevention.
Support for Data Loss Prevention is coming soon as a feature of Data Security Sensor.
|
|
Server & Workload Protection
|
Activity Monitoring
|
Activity monitoring is upgraded to Endpoint Sensor and does not follow Activity Monitoring
settings in Server & Workload Protection. Enabling Endpoint Sensor disables Activity
Monitoring override settings for targeted endpoints.
If Endpoint Sensor is disabled, Activity Monitoring can be enabled in Server & Workload
Protection.
|
Anti-malware scan inclusions
|
||
Anti-malware scheduled real-time scan
|
||
Integrity Monitoring
|
Enrolling in Endpoint Security Policies disables Integrity Monitoring.
Integrity Monitoring in Endpoint Security Policies is coming soon.
|
|
Log Inspection
|
Enrolling in Endpoint Security Policies disables Log Inspection.
Log Inspection in Endpoint Security Policies is coming soon.
|
|
SAP Scanner
|
Enrolling in Endpoint Security Policies disables SAP scanner.
SAP scanner in Endpoint Security Policies is coming soon.
|
|
Spyware/Grayware Approved List
|
||
Feature blocking
|
Some features can still be configured after enrolling in Endpoint Security Policies
on an endpoint level (override settings). For more information, see Features editable after enrolling a Server Workload Protection endpoint group.
|
|
Other features missing support
|
Local Smart Protection Service support for Anti-malware and Web Reputation
|
Local Smart Protection Service for Service Gateway is coming soon.
|
Dynamic Intelligence Mode
|
Enrolling in Endpoint Security Policies enables Dynamic Intelligence Mode by default,
but cannot be configured.
Support for configuring the feature is coming soon.
|