File actions
The following settings can be found in the File Actions tab in a device policy. They specify how the CylancePROTECT Desktop agent handles a file when it detects a threat that it considers to be unsafe or abnormal.

Option | Description |
---|---|
Auto Quarantine with Execution Control | This setting specifies whether to automatically quarantine unsafe or abnormal files to prevent them from executing. If you want to quarantine abnormal files, you must first select the option to quarantine unsafe files. Unsafe files contain significantly more malware attributes and are more likely to be malware than abnormal files. When a file is quarantined, the following occurs:
Some malware is designed to create files in other directories and continues to do so until it is successful. Instead of removing the files, CylancePROTECT Desktop modifies them so that the malware doesn't try to create them again and so that they cannot be executed. |
Enable auto-delete for quarantined files | This setting specifies whether to automatically delete quarantined files after a specified number of days. For example, you can set it so that a file is deleted after it has been quarantined for 14 days. The number of days can range from 14 to 365. When the file is deleted, the following occurs:
|
Auto Upload | Make sure that you enable Auto Upload for all available file types. If the agent finds a file that CylancePROTECT cloud services has never analyzed before, it requests to upload the file for analysis. CylancePROTECT Desktop only uploads and analyzes unknown files such as Portable Executable (PE), Executable and Linkable Format (ELF) and Mach Object file format (Mach-O) files. If the same unknown file is discovered on multiple devices in the organization, CylancePROTECT Desktop uploads one file only from a single device for analysis, not one file per device. |
Policy Safe List | Add files that you consider to be safe to the policy safe list to allow them to run. The policy safe list takes precedence over the global safe list or global quarantine list. For example, a file that is added to the policy safe list is allowed to run on a device that is assigned the policy, even if that file is in the global quarantine list, which blocks files from running on all devices. |
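
The constraints in the table above can be checked mechanically when reviewing a policy. The following is an added example, not CylancePROTECT code or its API schema: the dictionary layout, field names and the function `audit_file_actions` are hypothetical, list entries are assumed to be SHA-256 hashes, and the sample data is constructed.

```python
# Added example: field names below are hypothetical, not the CylancePROTECT API schema.
FILE_TYPES = ("PE", "ELF", "Mach-O")  # assumption: the unknown-file types named on this page

def audit_file_actions(policy, global_quarantine):
    """Return a list of findings for one device policy's File Actions settings."""
    findings = []
    aq = policy.get("auto_quarantine", {})
    # Abnormal quarantine is only valid when unsafe quarantine is also selected.
    if aq.get("abnormal") and not aq.get("unsafe"):
        findings.append("abnormal quarantine set without unsafe quarantine")
    # Auto-delete retention must fall in the documented 14-365 day range.
    ad = policy.get("auto_delete", {})
    if ad.get("enabled"):
        days = ad.get("days")
        if not isinstance(days, int) or not 14 <= days <= 365:
            findings.append(f"auto-delete days out of range: {days!r}")
    # Auto Upload should be enabled for every available file type.
    enabled = set(policy.get("auto_upload", []))
    for ft in FILE_TYPES:
        if ft not in enabled:
            findings.append(f"auto upload disabled for {ft}")
    # The policy safe list wins over the global quarantine list, so any
    # overlap is a file that is blocked globally but allowed on these devices.
    gq = {h.lower() for h in global_quarantine}
    for h in policy.get("policy_safe_list", []):
        if h.lower() in gq:
            findings.append(f"safe list overrides global quarantine: {h}")
    return findings

# Constructed sample data (hashes are placeholders, not real indicators).
SAMPLE_POLICY = {
    "auto_quarantine": {"unsafe": False, "abnormal": True},
    "auto_delete": {"enabled": True, "days": 7},
    "auto_upload": ["PE", "ELF"],
    "policy_safe_list": ["AA" * 32, "bb" * 32],
}
SAMPLE_GLOBAL_QUARANTINE = ["aa" * 32]

if __name__ == "__main__":
    for finding in audit_file_actions(SAMPLE_POLICY, SAMPLE_GLOBAL_QUARANTINE):
        print("FINDING:", finding)
```

The last check is the one most worth running regularly: a policy safe list entry that also appears in the global quarantine list is allowed to run on every device assigned that policy.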