Windows Exploit Guard

Attack Surface Reduction

Attack surface reduction enhances security by regulating scans, safeguarding cloud and network data, and enabling real-time monitoring. The parameters are customized by creating profiles and associating them with devices or groups, which minimizes exposure to vulnerabilities. This approach proactively reduces the attack surface and strengthens system protection.

Profile Description

Profile Specification and Description
Block abuse of exploited vulnerable signed drivers
    Prevents malware from exploiting vulnerable signed drivers by disabling them. Enabling this option stops malicious use of such drivers.

Block Adobe Reader from creating child processes
    Disallows Adobe Reader from spawning child processes. Enabling this option restricts Adobe Reader's ability to create child processes, reducing potential attack vectors.

Block all Office applications from creating child processes
    Prevents Office applications from creating child processes, reducing opportunities for malware propagation.

Block credential theft from the Windows local security authority subsystem
    Audits actions related to the Windows local security authority subsystem. Enabling this option provides insight into potential credential theft attempts.

Block executable files from running unless they meet specific criteria
    Permits only executable files that meet the defined criteria to run and blocks all others. Enabling this option restricts execution based on those criteria, bolstering system integrity.

Block JavaScript or VBScript from launching downloaded executable content
    Prevents JavaScript and VBScript from launching downloaded, potentially malicious executable content, reducing the risk of malware infection.

Block Office applications from creating executable content
    Prevents Office applications from generating executable content, mitigating the potential for unauthorized code execution.

Block Office applications from injecting code into other processes
    Prevents Office applications from injecting code into other processes, reducing the risk of code injection attacks.

Block Office communication application from creating child processes
    Blocks Office communication applications from creating child processes, minimizing potential attack pathways.

Block persistence through WMI event subscription
    Choose to either block or audit WMI event subscriptions, impeding a common persistence tactic used by attackers. File and folder exclusions are not supported for this rule.

Block process creations originating from PSExec and WMI commands
    Audits process creations initiated through PSExec and WMI commands, providing visibility into potentially malicious activity.

Block untrusted and unsigned processes that run from USB
    Blocks the execution of untrusted and unsigned processes from USB drives, reducing the risk of USB-borne malware.

Block Win32 API calls from Office macros
    Blocks specific Win32 API calls made from Office macros, mitigating potentially unsafe interactions.

Use advanced protection against ransomware
    Safeguards critical data and system integrity. Enable/Audit: choose to either enable this protection or audit its effectiveness.

Exclusion list
    Files and folders on the Exclusion list are exempted from the settings above.
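The same rules can be applied and checked directly on a device with Microsoft Defender's PowerShell cmdlets. The block below is an added example, not the product's own code: it sets a subset of the rules from the table, with some in Block mode and some in Audit mode as the table describes, adds an ASR-only exclusion, prints the effective configuration, and lists recent ASR events. The rule GUIDs are Microsoft's published ASR rule IDs and should be checked against current Microsoft documentation before use; the exclusion path is a placeholder.

```powershell
# Added example (not part of the original page). Run in an elevated PowerShell session
# on a Windows 10/11 host running Microsoft Defender Antivirus.

# AttackSurfaceReductionRules_Actions values: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.
# GUIDs assumed to match Microsoft's published ASR rule IDs; verify before deployment.
$rules = [ordered]@{
    'Block abuse of exploited vulnerable signed drivers'           = @{ Id = '56a863a9-875e-4185-98a7-b882c64b5ce5'; Action = 1 }
    'Block all Office applications from creating child processes' = @{ Id = 'd4f940ab-401b-4efc-aadc-ad5f3c50688a'; Action = 1 }
    'Block credential theft from LSASS'                           = @{ Id = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'; Action = 2 }
    'Block persistence through WMI event subscription'            = @{ Id = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'; Action = 1 }
    'Block process creations from PSExec and WMI commands'        = @{ Id = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'; Action = 2 }
    'Use advanced protection against ransomware'                  = @{ Id = 'c1db55ab-c21a-4637-bb3f-a12568109d35'; Action = 1 }
}

foreach ($name in $rules.Keys) {
    $r = $rules[$name]
    # Add-MpPreference merges with rules that are already configured instead of replacing them.
    Add-MpPreference -AttackSurfaceReductionRules_Ids $r.Id -AttackSurfaceReductionRules_Actions $r.Action
    Write-Host ('{0,-60} {1} -> action {2}' -f $name, $r.Id, $r.Action)
}

# Exclusion list: this path is exempted from ASR rules only, not from other Defender features.
# Placeholder path constructed for this example.
Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\LineOfBusinessApp\legacy-installer.exe'

# Verify the effective configuration on the device.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    '{0}  action={1}' -f $pref.AttackSurfaceReductionRules_Ids[$i], $pref.AttackSurfaceReductionRules_Actions[$i]
}

# Review what the rules did over the last 7 days.
# Event 1121 = rule fired in Block mode, 1122 = rule fired in Audit mode.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1121, 1122
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Rules set to Audit (action 2) only log event 1122 and never interfere with the application, which is how a rule such as the LSASS or PSExec/WMI one can be evaluated before switching it to Block.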

Controlled Folder Access

Controlled Folder Access is a security feature that safeguards sensitive data from ransomware attacks. By controlling access to specific folders, it prevents unauthorized modifications and helps maintain the integrity of your important files.

Protected Folder List:

This section allows you to specify which folders are protected by Controlled Folder Access. The protected folder list lets you define the folders that are safeguarded against unauthorized access and modifications.

Profile Specification and Description
Protects sensitive data from ransomware
    Ensures security against ransomware attacks and data breaches.

Folder protection
    Choose the level of protection for folders: Audit disk modifications (audit mode) or Block disk modifications (fully enabled).

Protected folder list
    Folders that receive real-time protection, which blocks unauthorized access and notifies the user.

Exclusion list
    A list of exceptions that excludes folders from folder protection.

Note: Use Controlled Folder Access to secure your sensitive data by carefully configuring the folder protection settings and maintaining the list of protected folders.
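The audit-first workflow the table describes can be carried out on a single device with Defender's cmdlets before the profile is pushed to groups. The block below is an added example, not the product's own code: it enables Controlled Folder Access in audit mode, adds protected folders and an allowed application, summarises which processes would have been blocked, and only then switches to full enforcement. All paths are placeholders, and the parsing of the "Process Name" line from the event message is an assumption about the event text.

```powershell
# Added example (not part of the original page). Run elevated on Windows 10/11
# with Microsoft Defender Antivirus.

# Step 1: audit mode first ("Audit disk modifications" in the profile). Nothing is blocked yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# Step 2: protected folder list. The user profile's Documents, Pictures and similar folders are
# protected by default; these placeholder paths add line-of-business data locations.
$protectedFolders = @('D:\Finance\Ledgers', 'D:\Shared\Contracts')
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolders

# Step 3: exclusion list, i.e. applications trusted to write into protected folders (placeholder path).
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\BackupAgent\agent.exe'

# Step 4: after a soak period, review what audit mode recorded.
# Event 1123 = modification blocked (enforce mode), 1124 = would have been blocked (audit mode).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-14)
} -ErrorAction SilentlyContinue

# Summarise by process so that legitimate applications can be added to the allowed list
# before enforcement instead of being broken in production.
$events | ForEach-Object {
    # Assumption: the event message carries a "Process Name:" line; fall back if it does not.
    $proc = if ($_.Message -match 'Process Name:\s*(\S.*)') { $Matches[1].Trim() } else { '(unparsed)' }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Mode    = if ($_.Id -eq 1124) { 'Audit' } else { 'Block' }
        Process = $proc
    }
} | Group-Object Process | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Step 5: confirm the lists, then enforce ("Block disk modifications").
$pref = Get-MpPreference
$pref.ControlledFolderAccessProtectedFolders
$pref.ControlledFolderAccessAllowedApplications
Set-MpPreference -EnableControlledFolderAccess Enabled
```

Once enforcement is on, the same 1123 events are what the user-facing notification is based on, so keeping the summary query in a scheduled job gives early warning of a newly deployed application that still needs an exclusion.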

Network Protection

Network Protection is a security feature designed to shield endpoints from web-based threats, enhancing overall system security by preventing malicious activities originating from the network.
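As with the other features, Network Protection can be staged in audit mode on a reference device before it is enforced through a profile. The block below is an added example, not the product's own code, and assumes Microsoft Defender Antivirus on Windows 10/11.

```powershell
# Added example (not part of the original page). Run in an elevated PowerShell session.

# AuditMode records connections that Network Protection would block without blocking them.
Set-MpPreference -EnableNetworkProtection AuditMode

# Confirm the setting: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
(Get-MpPreference).EnableNetworkProtection

# Event 1125 = connection audited (would have been blocked), 1126 = connection blocked.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1125, 1126
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# When the audit events show no legitimate traffic being flagged, switch to enforcement.
Set-MpPreference -EnableNetworkProtection Enabled
```

A burst of 1125 events for a single internal service after the switch to audit mode is the usual sign that the service's destination needs review before enforcement, rather than a reason to leave the feature off.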

Exploit Protection

This feature provides configurable exploit mitigation to safeguard both endpoints and applications from potential vulnerabilities. You can enhance your protection by uploading an XML file with specific settings.
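The XML file the profile expects is the same format that Windows produces when exploit mitigations are exported from a configured machine. The block below is an added example, not the product's own code: it sets a few system-wide and per-application mitigations on a reference device, exports them to XML for upload, shows how the file is imported on another device, and checks the resulting configuration. The application name and file path are placeholders.

```powershell
# Added example (not part of the original page). Run elevated on Windows 10/11.

# System-wide defaults: DEP, SEHOP, bottom-up ASLR and high-entropy ASLR.
Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy

# Per-application mitigations for a placeholder legacy application:
# Control Flow Guard, no remote image loads, and no child processes.
Set-ProcessMitigation -Name 'legacyviewer.exe' -Enable CFG, BlockRemoteImageLoads, DisallowChildProcessCreation

# Export the current configuration to the XML file that the Exploit Protection profile takes as upload.
$xmlPath = Join-Path $env:TEMP 'ExploitProtection-settings.xml'   # placeholder path
Get-ProcessMitigation -RegistryConfigFilePath $xmlPath
Write-Host "Exported mitigation settings to $xmlPath"

# On a target device the same file is applied with:
Set-ProcessMitigation -PolicyFilePath $xmlPath

# Verify what is now in effect for the system and for the application.
Get-ProcessMitigation -System
Get-ProcessMitigation -Name 'legacyviewer.exe'

# Mitigation events are written to the Security-Mitigations logs; review them after rollout
# to catch an application that a mitigation breaks.
Get-WinEvent -LogName 'Microsoft-Windows-Security-Mitigations/UserMode' -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Exporting from a machine where the settings have already been tested, rather than hand-editing the XML, keeps the uploaded file consistent with what Windows itself accepts.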