Skip Navigation

Default configuration settings for a new
Cylance Endpoint Security
tenant

Preconfigured Zones

Preconfigured Zones
Assigned device policy
Default Zone rules
Windows
Zone
Stage 1
Automatic zone assignment to move all new
Windows
devices into this zone.
Mac
Zone
Stage 1
Automatic zone assignment to move all new
macOS
devices into this zone.
Linux
Zone
Stage 1
Automatic zone assignment to move all new
Linux
devices into this zone.

Preconfigured device policies

Device policy setting
Stage 1 policy
Stage 2 policy
Stage 3 policy
File Actions
Auto Quarantine with Execution Control: Unsafe
Off
On
On
Auto Quarantine with Execution Control: Abnormal
Off
Off
On
Enable auto-delete for quarantined files
Off
On
On
Auto Upload: Executable
On
On
On
Memory Actions
Memory Protection
Off
On
On
Exploitation: Stack Pivot
Off
Ignore
Ignore
Exploitation: Stack Protect
Off
Ignore
Ignore
Exploitation: Overwrite Code
Off
Ignore
Ignore
Exploitation: RAM Scraping
Off
Alert
Block
Exploitation: Malicious Payload
Off
Ignore
Ignore
Exploitation: System Call Monitoring
Off
Ignore
Ignore
Exploitation: Direct System Calls
Off
Ignore
Ignore
Exploitation: System DLL Overwrite
Off
Ignore
Ignore
Exploitation: Dangerous COM Object
Off
Ignore
Ignore
Exploitation: Injection via APC
Off
Ignore
Ignore
Exploitation: Dangerous VBA Macro
Off
Ignore
Ignore
Process Injection: Remote Allocation of Memory
Off
Alert
Block
Process Injection: Remote Mapping of Memory
Off
Alert
Block
Process Injection: Remote Write to Memory
Off
Alert
Block
Process Injection: Remote Write PE to Memory
Off
Alert
Block
Process Injection: Remote Overwrite Code
Off
Ignore
Ignore
Process Injection: Remote Unmap of Memory
Off
Ignore
Ignore
Process Injection: Remote Thread Creation
Off
Ignore
Ignore
Process Injection: Remote APC Scheduled
Off
Ignore
Ignore
Process Injection: DYLD Injection
Off
Ignore
Ignore
Process Injection: Doppelganger
Off
Ignore
Ignore
Process Injection: Dangerous Environmental Variable
Off
Ignore
Ignore
Escalation: LSASS Read
Off
Alert
Block
Escalation: Zero Allocate
Off
Alert
Block
Escalation: Memory Permission Changes In Other Processes
Off
Ignore
Ignore
Escalation: Memory Permission Changes In Child Processes
Off
Ignore
Ignore
Escalation: Stolen System Token
Off
Ignore
Ignore
Escalation: Low Integrity Process Start
Off
Ignore
Ignore
Protection Settings
Prevent service shutdown from device
On
On
On
Kill unsafe running processes and their sub processes
Off
Off
Off
Background Threat Detection
On
On
On
    Run setting
Recurring
Recurring
Recurring
    Days
10
10
10
Watch For New Files
On
On
On
    MB
150
150
150
Exclude Specific Folders
Off
Off
Off
Copy File Samples
Off
Off
Off
CylanceOPTICS Settings
CylanceOPTICS
Off
Off
Off
Enable CylanceOPTICS Desktop Notifications
Off
Off
Off
Detection Settings
None
None
None
Application Control
Application Control
Off
Off
Off
Agent Settings
Enable auto-upload of log files
Off
Off
Off
Enable Desktop Notifications
Off
Off
Off
Enable Software Inventory
On
On
On
Script Control
Script Control
Off
On
On
Active Script
Off
Alert
Block Unsafe
PowerShell Script
Off
Alert
Block Unsafe
PowerShell Console
Off
Disabled
Disabled
Macros
Off
Disabled
Disabled
Python
Off
Disabled
Disabled
.NET DLR
Off
Disabled
Disabled
XLM Macros
Off
Disabled
Disabled
Advanced: Score All Scripts
Off
On
On
Advanced: Upload Script to Cloud
Off
On
On
Advanced: Alert On Suspicious Scripts Execution Only
Off
On
On
Device Control
Windows Device Control
On
On
On
Android
Full Access
Full Access
Full Access
iOS
Full Access
Full Access
Full Access
Still Image
Full Access
Full Access
Full Access
USB CD DVD RW
Full Access
Full Access
Full Access
USB Drive
Full Access
Full Access
Full Access
VMWare USB Passthrough
Full Access
Full Access
Full Access
Windows Portable Device
Full Access
Full Access
Full Access