Escan/english/escan22/eScan Management Console/Managed Computers and Escan/english/escan22/eScan Management Console/Policies/Features Help/EDRPolicy: Difference between pages
imported>TechContent No edit summary |
imported>TechContent No edit summary |
||
Line 1: | Line 1: | ||
<h3 style='color:#007FFF;font-size:20.0pt;font-family:"Open Sans"'>Advance Security</h3> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'>Following tabs with multiple threat protection options that are present in the EDR Policy:</p> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'>Advance Threat Protection</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'>Block Downloads from Internet</li> | |||
< | <li style='font-size:11.0pt;font-family:"Open Sans"'>Archive File Protection</li> | ||
<p style='font-size:11.0pt;font-family:"Open Sans"'>eScan | <li style='font-size:11.0pt;font-family:"Open Sans"'>Block Files Using sha256</li> | ||
< | <p style='font-size:11.0pt;font-family:"Open Sans"'>The following section will describe the tabs and options in detail.</p> | ||
<p style='font-size:11.0pt;font-family:"Open Sans"'> | <h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Advance Threat Protection</b></h4> | ||
<ol style='font-size:11.0pt;font-family:"Open Sans"'> | <p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows you to block and whitelist the execution of EXE files downloaded from Internet or present in the USB. Along with its Advanced Threat Protection tab that enables to restrict the WScript and Adobe reader from the execution of child processes.</p> | ||
<li> | <p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Unsigned Exe Download from Internet</b> <br> This option blocks the execution of untrusted/unknown executable files that are downloaded from the internet.</p> | ||
<li> | <p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Unsigned Exe from USB</b> <br>This option blocks the execution of untrusted/unknown executable files from portable storage devices like USB drives. </p> | ||
<li> | <p style='font-size:11.0pt;font-family:"Open Sans"'><b>Unsigned Exe White list (Cloud)</b> <br>This option allows the execution of whitelisted executable files based on the eScan Cloud database. It is enabled by default. </p> | ||
<li> | <p style='font-size:11.0pt;font-family:"Open Sans"'><b>Whitelisting for unsigned exe Downloaded From Internet/on USB</b> <br>This option allows the user to whitelist the unknown executable files. After enabling the above listed options, you can configure this option. </p><ol> | ||
</li> | <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add an unknown executable file, enter the name of the file and click on Add. The file will be added in the list.</li> | ||
<li> | <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete an executable file, select the particular file from the list and click on Delete.</li> | ||
<li> | <li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the files from the list, click on Remove All.</li></ol><br> | ||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block WScript From Running Downloaded Apps</b> <br> This option allows you to blocks the execution of any potentially malicious scripts (.js, PowerShell) that running from the downloaded apps.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Adobe Office Child Exe</b> <br> This option allows you to block the generation of any child process (VB macros, exploit code, PowerShell commands) by Adobe Reader and Office apps.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Custom Child Exe</b> <br>This option lets you to add or delete the custom child EXE.<br>After enabling this option, you can configure the following options: </p><ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add custom child EXE, enter the name and click on Add.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete any child EXE, select the file and click on Delete.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the file at once, click on Remove All.</li></ol><br> | |||
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Block Downloads From Internet</b></h4> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows you to block or restrict the internet downloaded files and files downloaded from email clients.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block Internet Downloaded Files</b> <br> This option allows you to directly block the files while downloading from internet.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Exclude Email Clients</b> <br>This option allows the execution of attachment and auto-run executable files that are downloaded via email clients (Outlook, Thunderbird, and more). It is enabled by default. </p> | |||
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Archive File Protection</b></h4> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows or blocks the running of password-protected archive files (zip, rar, 7zip, and more).</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Allow All</b> <br>This option is enabled by default and allows running of all the password-protected archive files. </p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Allow only default archive types</b> <br> This option allows the access of only default archive types and file name with extensions that are added in the list.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Action</b> <br>This drop-down option allows you to select the action to be taken in case of password protected archive file that does not belong to default type or whitelisted file extensions. </p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Access Denied</b>: This option will deny the access to the archive files that are not default type or whitelisted file extensions.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine archive</b>: This option will quarantine all the archive files other than default types or whitelisted file extensions.</li></ol><br> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Add Custom Unsafe Extensions</b> <br>This option allows you to add custom unsafe archive in the list. </p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add custom unsafe extension, enter the extension and click on Add.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete any custom extension, select the extension and click on Delete.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the extension at once, click on Remove All.</li></ol><br> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Allow only excluded extensions</b> <br> This option allows the access of only the archive files extensions that are added in the excluded list.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Action</b> <br>This drop-down option allows you to select the action to be taken in case of password-protected archive file that does not belong to excluded file extensions. </p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Access Denied</b>: This option will deny the access to the archive files that are not added in the exclusion list.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine archive</b>: This option will quarantine all the archive files that are not added in the exclusion list.</li></ol><br> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Ignore Default Extensions</b> <br>This check box will allow the access of default archive extensions by including them in the blacklist. </p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Exclusion List for Custom Extensions</b> <br>This option allows you to add custom extension file type in the list. </p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add custom extension, enter the extension and click on Add.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To delete any custom extension, select the extension and click on Delete.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Remove All</b>: To remove all the extension at once, click on Remove All.</li></ol><br> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Block All</b> <br> This option blocks the access of all the password-protected archive files types.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Action</b> <br>This drop-down option allows you to select the action to be taken on the password-protected archive file types. </p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Access Denied</b>: This option will deny the access to all the password-protected archive files.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Quarantine archive</b>: This option will quarantine all the password-protected archive files.</li></ol><br> | |||
<h4 style='color:#007FFF;font-size:18.0pt;font-family:"Open Sans"'><b>Block Files Using sha256</b></h4> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'>This tab allows you to block the files that are encrypted using SHA256 encryption based on the hash value of it.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Enable SHA256 Protection</b> <br> This option lets you enable the SHA256 protection to block the files having identical hash key.</p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Filter Categories</b> <br>This option will be enabled after selecting the Enable SHA256 Protection option. You can use this option to add or remove SHA256 categories and the hash values that has been added to the particular category. </p> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Category Name</b> </p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add a filter category, enter the category name and click on Add.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To remove filter category, select the category name and click on Delete.</li></ol><br> | |||
<p style='font-size:11.0pt;font-family:"Open Sans"'><b>Hash files</b> <br> To add/remove the hash file in particular category, select the category and then add or delete the file.</p> | |||
<ol> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Add</b>: To add a hash value, select the category in the Category Name column. Enter the hash value and comments (optional) and click on OK.</li> | |||
<li style='font-size:11.0pt;font-family:"Open Sans"'><b>Delete</b>: To remove a hash file, select the category in the Category Name column. Select the hash file and click on Delete.</li></ol><br> |
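Review bot: In the added "Block Files Using sha256" paragraph, "block the files that are encrypted using SHA256 encryption based on the hash value of it" describes SHA256 as encryption, while every option under it (Filter Categories, Hash files) works on hash values; suggest wording it as blocking files whose SHA256 hash matches a listed value. The "Ignore Default Extensions" paragraph says the check box will "allow the access of default archive extensions by including them in the blacklist", which reads as contradictory and should state whether the default extensions end up allowed or blocked. The second sentence of the "Advance Threat Protection" intro ("Along with its Advanced Threat Protection tab that enables to restrict ...") is a fragment, and the text alternates between "Advance" and "Advanced" for the same tab name.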
Latest revision as of 09:18, 30 November 2021
Advance Security
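The EDR Policy contains the following tabs, each with multiple threat protection options:
- Advance Threat Protection
- Block Downloads from Internet
- Archive File Protection
- Block Files Using sha256
The following sections describe the tabs and options in detail.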
Advance Threat Protection
This tab allows you to block or whitelist the execution of EXE files downloaded from the Internet or present on a USB drive. It also lets you restrict WScript and Adobe Reader from executing child processes.
Block Unsigned Exe Download from Internet
This option blocks the execution of untrusted/unknown executable files that are downloaded from the internet.
Block Unsigned Exe from USB
This option blocks the execution of untrusted/unknown executable files from portable storage devices like USB drives.
Unsigned Exe White list (Cloud)
This option allows the execution of whitelisted executable files based on the eScan Cloud database. It is enabled by default.
Whitelisting for unsigned exe Downloaded From Internet/on USB
This option allows the user to whitelist unknown executable files. You can configure it after enabling the options listed above.
- Add: To add an unknown executable file, enter the name of the file and click on Add. The file will be added to the list.
- Delete: To delete an executable file, select the particular file from the list and click on Delete.
- Remove All: To remove all the files from the list, click on Remove All.
Block WScript From Running Downloaded Apps
This option allows you to block the execution of any potentially malicious scripts (.js, PowerShell) that run from downloaded apps.
Block Adobe Office Child Exe
This option allows you to block the generation of any child process (VB macros, exploit code, PowerShell commands) by Adobe Reader and Office apps.
Block Custom Child Exe
This option lets you add or delete custom child EXEs.
After enabling this option, you can configure the following options:
- Add: To add a custom child EXE, enter the name and click on Add.
- Delete: To delete any child EXE, select the file and click on Delete.
- Remove All: To remove all the files at once, click on Remove All.
Block Downloads From Internet
This tab allows you to block or restrict files downloaded from the internet and files downloaded via email clients.
Block Internet Downloaded Files
This option allows you to block files directly while they are being downloaded from the internet.
Exclude Email Clients
This option allows the execution of attachments and auto-run executable files that are downloaded via email clients (Outlook, Thunderbird, and more). It is enabled by default.
Archive File Protection
This tab allows or blocks the running of password-protected archive files (zip, rar, 7zip, and more).
Allow All
This option is enabled by default and allows all password-protected archive files to run.
Allow only default archive types
This option allows access only to the default archive types and to file names with extensions that are added to the list.
Action
This drop-down option allows you to select the action to be taken for a password-protected archive file that does not belong to the default types or whitelisted file extensions.
- Access Denied: This option will deny access to archive files that are not of a default type or a whitelisted file extension.
- Quarantine archive: This option will quarantine all archive files other than the default types or whitelisted file extensions.
Add Custom Unsafe Extensions
This option allows you to add custom unsafe archive extensions to the list.
- Add: To add a custom unsafe extension, enter the extension and click on Add.
- Delete: To delete any custom extension, select the extension and click on Delete.
- Remove All: To remove all the extensions at once, click on Remove All.
Allow only excluded extensions
This option allows access only to archive file extensions that are added to the excluded list.
Action
This drop-down option allows you to select the action to be taken for a password-protected archive file that does not belong to the excluded file extensions.
- Access Denied: This option will deny access to archive files that are not in the exclusion list.
- Quarantine archive: This option will quarantine all archive files that are not in the exclusion list.
Ignore Default Extensions
This check box will allow access to the default archive extensions by including them in the blacklist.
Exclusion List for Custom Extensions
This option allows you to add custom extension file types to the list.
- Add: To add a custom extension, enter the extension and click on Add.
- Delete: To delete any custom extension, select the extension and click on Delete.
- Remove All: To remove all the extensions at once, click on Remove All.
Block All
This option blocks access to all password-protected archive file types.
Action
This drop-down option allows you to select the action to be taken on the password-protected archive file types.
- Access Denied: This option will deny access to all the password-protected archive files.
- Quarantine archive: This option will quarantine all the password-protected archive files.
Block Files Using sha256
This tab allows you to block files based on their SHA256 hash value.
Enable SHA256 Protection
This option lets you enable SHA256 protection to block files that have an identical hash value.
Filter Categories
This option will be enabled after selecting the Enable SHA256 Protection option. You can use this option to add or remove SHA256 categories and the hash values that have been added to a particular category.
Category Name
- Add: To add a filter category, enter the category name and click on Add.
- Delete: To remove a filter category, select the category name and click on Delete.
Hash files
To add or remove a hash file in a particular category, select the category and then add or delete the file.
- Add: To add a hash value, select the category in the Category Name column. Enter the hash value and comments (optional) and click on OK.
- Delete: To remove a hash file, select the category in the Category Name column. Select the hash file and click on Delete.
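
The category and hash lists described in this tab amount to an exact-match lookup keyed on a file's SHA-256 digest. The following Python is an added example, not eScan code: it validates a value before listing it and shows that a file changed by a single byte no longer matches. The class and function names, the category name and the sample bytes are constructed for illustration.

```python
import hashlib
import io
import re

SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")

class HashBlocklist:
    """Category name -> {sha256 hex digest: comment}, modelled on the two lists in this tab."""
    def __init__(self):
        self.categories = {}

    def add_category(self, name):
        self.categories.setdefault(name, {})

    def add_hash(self, category, value, comment=""):
        value = value.strip()
        # Reject anything that is not a 64-character hex digest
        # (an MD5 or SHA-1 value, or a truncated paste).
        if not SHA256_RE.match(value):
            raise ValueError(f"not a SHA-256 hex digest: {value!r}")
        if category not in self.categories:
            raise KeyError(f"unknown category: {category}")
        # Store lower-case so the same digest is never listed twice.
        self.categories[category][value.lower()] = comment

    def lookup(self, digest):
        """Return (category, comment) for a listed digest, else None."""
        digest = digest.lower()
        for name, hashes in self.categories.items():
            if digest in hashes:
                return name, hashes[digest]
        return None

def sha256_of(stream, chunk_size=65536):
    """Hash a binary stream in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def check_stream(blocklist, stream):
    """Return ('block', category, comment) or ('allow', None, None)."""
    hit = blocklist.lookup(sha256_of(stream))
    return ("block", *hit) if hit else ("allow", None, None)

# Constructed sample data: two in-memory "files" that differ by one byte.
SAMPLE_LISTED = b"constructed sample file contents\n"
SAMPLE_MODIFIED = b"constructed sample file contents!\n"

def demo():
    bl = HashBlocklist()
    bl.add_category("Constructed-Category")
    digest = sha256_of(io.BytesIO(SAMPLE_LISTED)).upper()  # pasted in upper case
    bl.add_hash("Constructed-Category", digest, "sample entry")
    return (check_stream(bl, io.BytesIO(SAMPLE_LISTED)),
            check_stream(bl, io.BytesIO(SAMPLE_MODIFIED)))
```

Because the match is exact, a hash list only stops files that are byte-for-byte identical to a listed sample.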