Skip Navigation

Policy settings

Policy name
The name of the policy
User ID
Your unique console ID
To get your user ID, do one of the following:
  • Use the Cylance API (Get Users)
  • In the console, go to User Management, view your user details, your user ID is at the end of the URL
Prevent unsafe files from executing before they can potentially do damage
Automatically quarantine unsafe files
Prevent abnormal files from executing before they potentially do damage
Automatically quarantine abnormal files
Prevent unsafe files must be selected before you can select Prevent abnormal files.
Allow auto-deletion of quarantined files
Automatically deletes quarantined files after the set number of days
  • Auto-delete after X days (days range 14-365 days)
    : Sets the number of days a quarantined file will be retained; the number of days can be between 14 and 365.
Enable auto-upload
Automatically uploads unsafe or abnormal portable executable files (PE) that
has not analyzed before
Enable memory protection
Used to detect or block exploit attempts on the device
Prevent service shutdown from device
Protects the
service from being shutdown manually or by another process
Kill unsafe running processes and their sub-processes
Terminates processes, and their sub-processes, regardless of state when a threat is detected
Background threat detection
Performs a full disk scan to detect and analyze any dormant threats on disk
Watch for new files
The agent will detect and analyze new or modified files for dormant threats
Exclude specific folders (includes subfolders)
Exclude folders, including subfolders, from Background threat detection and Watch for new files
  • Example for Windows: C:\Test
  • Example for macOS: /Applications/
  • Example Linux: /opt/application/
Set maximum archive file size to scan: X MB (size range 0-150MB)
Set the maximum archive file size the agent will scan
Enable script control
Alerts or blocks active script and PowerShell scripts from running
  • Alert: Monitors scripts running in your environment
  • Block: Blocks scripts from running on devices in your environment
Enable device control
Protects devices by controlling USB mass storage devices connecting to devices
External storage exclusion list
Exclude USB mass storage devices from the device control feature
Add an exclusion
Add an exclusion for a USB mass storage device; vendor ID is required