Default configuration settings for a new Cylance Endpoint Security tenant
Preconfigured Zones
Preconfigured Zones | Assigned device policy | Default Zone rules |
---|---|---|
Windows Zone | Stage 1 | Automatic zone assignment to move all new Windows devices into this zone. |
Mac Zone | Stage 1 | Automatic zone assignment to move all new macOS devices into this zone. |
Linux Zone | Stage 1 | Automatic zone assignment to move all new Linux devices into this zone. |
Preconfigured device policies
Device policy setting | Stage 1 policy | Stage 2 policy | Stage 3 policy |
---|---|---|---|
File Actions | | | |
Auto Quarantine with Execution Control: Unsafe | Off | On | On |
Auto Quarantine with Execution Control: Abnormal | Off | Off | On |
Enable auto-delete for quarantined files | Off | On | On |
Auto Upload: Executable | On | On | On |
Memory Actions | | | |
Memory Protection | Off | On | On |
Exploitation: Stack Pivot | Off | Ignore | Ignore |
Exploitation: Stack Protect | Off | Ignore | Ignore |
Exploitation: Overwrite Code | Off | Ignore | Ignore |
Exploitation: RAM Scraping | Off | Alert | Block |
Exploitation: Malicious Payload | Off | Ignore | Ignore |
Exploitation: System Call Monitoring | Off | Ignore | Ignore |
Exploitation: Direct System Calls | Off | Ignore | Ignore |
Exploitation: System DLL Overwrite | Off | Ignore | Ignore |
Exploitation: Dangerous COM Object | Off | Ignore | Ignore |
Exploitation: Injection via APC | Off | Ignore | Ignore |
Exploitation: Dangerous VBA Macro | Off | Ignore | Ignore |
Process Injection: Remote Allocation of Memory | Off | Alert | Block |
Process Injection: Remote Mapping of Memory | Off | Alert | Block |
Process Injection: Remote Write to Memory | Off | Alert | Block |
Process Injection: Remote Write PE to Memory | Off | Alert | Block |
Process Injection: Remote Overwrite Code | Off | Ignore | Ignore |
Process Injection: Remote Unmap of Memory | Off | Ignore | Ignore |
Process Injection: Remote Thread Creation | Off | Ignore | Ignore |
Process Injection: Remote APC Scheduled | Off | Ignore | Ignore |
Process Injection: DYLD Injection | Off | Ignore | Ignore |
Process Injection: Doppelganger | Off | Ignore | Ignore |
Process Injection: Dangerous Environmental Variable | Off | Ignore | Ignore |
Escalation: LSASS Read | Off | Alert | Block |
Escalation: Zero Allocate | Off | Alert | Block |
Escalation: Memory Permission Changes In Other Processes | Off | Ignore | Ignore |
Escalation: Memory Permission Changes In Child Processes | Off | Ignore | Ignore |
Escalation: Stolen System Token | Off | Ignore | Ignore |
Escalation: Low Integrity Process Start | Off | Ignore | Ignore |
Protection Settings | | | |
Prevent service shutdown from device | On | On | On |
Kill unsafe running processes and their sub processes | Off | Off | Off |
Background Threat Detection | On | On | On |
Run setting | Recurring | Recurring | Recurring |
Days | 10 | 10 | 10 |
Watch For New Files | On | On | On |
MB | 150 | 150 | 150 |
Exclude Specific Folders | Off | Off | Off |
Copy File Samples | Off | Off | Off |
CylanceOPTICS Settings | | | |
CylanceOPTICS | Off | Off | Off |
Enable CylanceOPTICS Desktop Notifications | Off | Off | Off |
Detection Settings | None | None | None |
Application Control | | | |
Application Control | Off | Off | Off |
Agent Settings | | | |
Enable auto-upload of log files | Off | Off | Off |
Enable Desktop Notifications | Off | Off | Off |
Enable Software Inventory | On | On | On |
Script Control | | | |
Script Control | Off | On | On |
Active Script | Off | Alert | Block Unsafe |
PowerShell Script | Off | Alert | Block Unsafe |
PowerShell Console | Off | Disabled | Disabled |
Macros | Off | Disabled | Disabled |
Python | Off | Disabled | Disabled |
.NET DLR | Off | Disabled | Disabled |
XLM Macros | Off | Disabled | Disabled |
Advanced: Score All Scripts | Off | On | On |
Advanced: Upload Script to Cloud | Off | On | On |
Advanced: Alert On Suspicious Scripts Execution Only | Off | On | On |
Device Control | | | |
Windows Device Control | On | On | On |
Android | Full Access | Full Access | Full Access |
iOS | Full Access | Full Access | Full Access |
Still Image | Full Access | Full Access | Full Access |
USB CD DVD RW | Full Access | Full Access | Full Access |
USB Drive | Full Access | Full Access | Full Access |
VMWare USB Passthrough | Full Access | Full Access | Full Access |
Windows Portable Device | Full Access | Full Access | Full Access |