Dynamic Application Containment-based Exploit Prevention Rules explained
Last Modified: 2023-07-12 11:02:30 Etc/GMT
Technical Articles ID: KB96626
Environment
Endpoint Security (ENS) Threat Prevention 10.7.x
ENS Adaptive Threat Protection (ATP) 10.7.x
IMPORTANT: You must install and configure both ENS Threat Prevention and ATP to use Dynamic Application Containment (DAC)-based ENS Threat Prevention Expert Rules. ENS Threat Prevention is needed to configure the Expert Rule, and ATP is required for the DAC feature.
Summary
ENS Exploit Prevention supports Expert rules (behavioral AAC rules) that depend on the DAC feature available with ENS ATP. DAC contains a process on the following basis:
Recommended settings for DAC-based Expert rules:
What reputation threshold should DAC be set at for Exploit Prevention Expert Rules to trigger? The reputation threshold levels available with ENS ATP 10.7.x are as follows:
Exploit Prevention rule behavior for different Rule Assignments Type and Action Enforcement settings:
ENS will contain any application with a threshold equal to or higher than the DAC reputation threshold.