Exploit Prevention actions based on signature severity level

Technical Articles ID: KB90369
Last Modified: 2023-01-31 21:38:23 Etc/GMT

Environment

Endpoint Security (ENS) Threat Prevention 10.x
Endpoint Security for Linux Threat Prevention (ENSLTP) 10.7.x

Summary

The following tables show the default actions that Exploit Prevention takes when a signature is triggered based on the signature severity level and the protection mode.

ENS Windows:

Product		ENS 10.6.x		ENS 10.7.x and later
Protection Mode		Default Protection Mode		Default Protection Mode
Action		Block	Report	Block	Report
Signature Severity Level	Disabled	No	No	No	No
	Informational	No	No	No	No
	Low	No	No	No	No
	Medium	No	Yes¹	No¹	Yes¹
	High	Yes	Yes	Yes	Yes

With ENS 10.6.1/10.7.0 November 2020 Update, Medium severity signatures are set to Report by default. There is also a known issue with the ENS 10.7.0 original posting where Medium severity signatures were changed from Block disabled to Block enabled. See KB92310 - Endpoint Security 10.7.0 extension changes Medium severity Exploit Prevention signatures to enable Block and Report in the Default policy.

ENSLTP:

Product		ENSLTP 10.7.2 and later
Protection Mode		Default Protection Mode
Action		Block	Report
Signature Severity Level	Disabled	No	No
	Informational	No	No
	Low	No	No
	Medium	No	No
	High	Yes	Yes

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Exploit Prevention actions based on signature severity level

Environment

Summary

Affected Products

Languages:

Title

Title

Knowledge Center

Exploit Prevention actions based on signature severity level

Environment

Summary

Affected Products

Languages:

Choose your region

Title

Title