
StellarProtect provides Operations Behavior Anomaly Detection to protect endpoints from fileless attacks.

Navigate to the target agent or group, and then go to its Policy page. For the detailed procedure, refer to Go to the Policy Screen.

Scroll down to find Operations Behavior Anomaly Detection.

Operations Behavior Anomaly Detection has four modes:
  • Learn: Under this mode, StellarProtect will monitor unrecognized program calls and add them to the trusted-operation list. In this way, the agent will continuously learn more OT-related program call behaviors.

  • Detect: Under this mode, StellarProtect will monitor unrecognized program calls and log them for future analysis.

  • Enforce: Under this mode, StellarProtect will monitor unrecognized program calls and block them to secure the endpoint.

  • Disable: Under this mode, the Operations Behavior Anomaly Detection is disabled and protection for fileless attacks is turned off.

Note:
  • In either Detect or Enforce mode, users have one more option, Aggressive Mode, for stronger antivirus protection. Please refer to Aggressive Mode for more details.

  • Users can manually add commonly-abused applications used in operations and processes to the Watchlist for strengthening security monitoring. Please refer to Watchlist for more details.