Using device policies to manage CylancePROTECT Desktop

Device policies define how the CylancePROTECT Desktop agent handles suspicious files and malware that it encounters. Execution control is enabled by default in all device policies, which allows the agent to alert the management console when unsafe or abnormal files attempt to run. After the agent is installed, the agent also analyzes all running processes and modules to determine whether there are threats that are already active. Each device is assigned to one device policy. The default policy is assigned if no other policy is assigned to a device.
You can use device policies to do the following:
  • Enable auto-quarantine for unsafe or abnormal files so that they are prevented from executing on the device. You can define the policy safe list for files that your organization considers as safe, even if the files have a threat score that indicates that they're unsafe or abnormal.
  • Enable memory protection settings to prevent memory exploits, including process injections and escalations. You can add exclusions for executable and macro files that you want to allow to run.
  • Enable protection settings such as preventing shutdown of the service, killing unsafe processes and sub-processes that are running, and running background threat detection to analyze files that may be dormant threats.
  • Enable and configure
  • Enable the application control feature to restrict new applications from running and block any updates or modifications to applications that were already installed.
  • Enable agent settings, such as the auto-upload of log files or desktop notifications.
  • Enable script control settings to prevent malicious scripts from running on devices. You can add exclusions to allow certain scripts to run if your organization considers them to be safe.
  • Enable device control settings to prevent USB mass storage devices (such as USB flash drives, external hard drives, and smartphones) from connecting to a device.