Threats Response Policy
Analysis > Threats > Management provides policy settings for Maliware and XBA Threats.
| Item | Description |
|---|---|
| Safe | Exclude selected Threats as Safe. |
| Malicious-Response Policy | Registers response settings for the selected Threats. |
| pending | Treats the Threats verdict for the selected Threats as Hold. |
| Reset | Resets the Threats verdict for the selected Threats to a new state. |
Endpoints Threats Response Policy
In Analysis > Threats > Management, the Policy Settings function is activated when the list of detected risks is selected in Threats by Status.
| Item | Description |
|---|---|
| DefaultPolicy | If the file is detected again, it is processed according to the rules set in GroupPolicy-Response. |
| Detect Only | When the file is detected again, only the detection is performed without raising any other events. |
| Notify | When the file is detected again, it immediately triggers an alarm event on Endpoints. |
| Kill Process | Initiate a Kill Process event to Endpoints when the corresponding process (file X) is detected. |
| File Delete | Promptly forwards a file deletion event to Endpoints when the file is detected again. The files are quarantined in the c:\program files\geni\insights\Isolate folder and deleted after a certain period of time has elapsed. |
You can set the desired response policy among them. In addition, you can add a description of the policy through a note according to the Threats Response Policy.
Endpoints Individual Response Policy
When a threat file is detected based on the MD5 hash value, it is possible to immediately respond with the response policy set in Management, but it provides the setting function for the response policy for each endpoint. Selecting Endpoints from the list activates the Policy Settings feature.
- When you click the
Exceptionbutton after selecting Endpoints, files detected by the Endpoints are set to be excluded from Threats detection. - After selecting Endpoints, click the ‘Threats Response Policy’ button to select the response to be triggered only on the device.
- If you set the individual response policy, the set values (alarm/process forced termination, deletion) are saved in the individual response policy.
- If the file or process is running at the time the response policy is applied, 'Delete immediately' (moved to quarantine and deleted after a certain period of time has elapsed)/'Forced process termination' is performed.
If you want to initialize an individual response policy, select Endpoints and click the Reset button.