Behavior Monitoring protects clients from unauthorized changes to the operating system, registry entries, other software, or files and folders.
Classic Mode: Go to SECURITY AGENTS and select a group. Click > Configure Policy.
Advanced Mode: Go to POLICIES > Policy Management. Click Add or click an existing policy.
Block known and potential threats: Blocks behaviors associated with known threats and takes action on behavior that is potentially malicious
Block known threats: Blocks behaviors associated with known malware threats
Protect documents against unauthorized encryption or modification: Stops potential ransomware threats from encrypting or modifying the contents of documents
Automatically back up and restore files changed by suspicious programs: Creates backup copies of files being encrypted on endpoints to prevent any loss of data after detecting a ransomware threat
Automatic file backup requires at least 100 MB of disk space on the agent endpoint and only backs up files that are less than 10 MB in size.
Block processes commonly associated with ransomware: Blocks processes associated with known ransomware threats before any encryption or modification of documents can occur
Enable program inspection to detect and block compromised executable files: Program inspection monitors processes and performs API hooking to determine if a program is behaving in an unexpected manner. Although this procedure increases the overall detection ratio of compromised executable files, it may result in decreased system performance.
The following products are supported:
QuickBooks Simple Start
All Intuit executable files have a digital signature and updates to these files will not be blocked. If other programs try to change the Intuit binary file, the Agent displays a message with the name of the program that is attempting to update the binary files. Other programs can be allowed to update Intuit files. To do this, add the required program to the Behavior Monitoring Exception List on the Agent. Remember to remove the program from the exception list after the update.
For information about monitored system events and actions, see Event Monitoring.