Malware Behavior Blocking provides a necessary layer of
additional threat protection from programs that exhibit malicious behavior. It
observes system events over a period of time. As programs execute different
combinations or sequences of actions, Malware Behavior Blocking detects known
malicious behavior and blocks the associated programs. Use this feature to ensure
a higher level of protection against new, unknown, and emerging threats.

Behavior Monitoring can detect malicious scripts executed by legitimate Windows programs
and the true payload path of script files executed by legitimate DLLs to protect
endpoints against malware hidden in fileless attack vectors.

Malware Behavior Monitoring provides the following
threat-level scanning options:
- Known threats: Blocks behaviors associated with known malware threats
- Known and potential threats: Blocks behavior associated with known threats and takes action on behavior that is potentially malicious

When notifications are enabled, the Security Agent displays a notification
on the endpoint after blocking a program.
For details about notifications, see Behavior Monitoring Notifications for Security Agent Users.