- Overview
- CylanceON-PREM architecture
- Steps to get started with CylanceON-PREM
- Requirements: CylanceON-PREM
- Configuring the CylanceON-PREM virtual appliance
- Migrating to the most recent version of CylanceON-PREM
- Configuring the CylanceON-PREM console
- Log in to CylanceON-PREM
- Administrative dashboard
- Filter lists
- Export lists
- CylanceON-PREM policies
- Setting up the CylancePROTECT agent
- Adding the CA certificate to endpoints
- Installing the CylancePROTECT Desktop agent for Windows
- Installing the CylancePROTECT Desktop agent for macOS
- Installing the CylancePROTECT Desktop agent for Linux
- Manually update the Linux driver
- Upgrading the CylancePROTECT Desktop agents
- Using virtual machines
- Manage devices in CylanceON-PREM
- Threat management in CylanceON-PREM
- CylanceON-PREM Global lists
- CylanceON-PREM Administration
- Managing CylanceON-PREM users
- Managing roles
- Update profile information
- CylanceON-PREM audit logs
- Managing Certificates
- Setting up email notifications for CylanceON-PREM
- CylanceON-PREM Settings
- Upgrade CylanceON-PREM
- Reboot the virtual appliance
- Configure session timeout
- Update CylanceON-PREM SSL certificate version 1.3.1 and later
- Update CylanceON-PREM SSL certificate version 1.2.2.1 and earlier
- Change the certificate cipher mode
- Enable maintenance mode
- Change network settings
- Check an IP address
- Change the log level
- Download logs
- Configure syslog/SIEM settings
- Update database connection settings
- Configure active directory
- Configure identity provider settings
- Using certificate-based authentication
- Add a banner to the login screen
- Applications
- CylanceON-PREM API
- Troubleshooting
- Agent not communicating with CylanceON-PREM
- Web browser reports insecure webpage
- Unable to connect to external database
- Configure static IP using the OVF tool
- Remote server 404 error in log files
- Log in with a local administrator account
- Online Certificate Status Protocol issues
- A user is not receiving email notifications
- Before you contact support
Script control
Script control protects devices by blocking malicious Active Script, PowerShell scripts, and Microsoft Office macros from running.
Script control monitors and protects against scripts running in your environment. The Agent can detect the script and script path before the script is executed. Depending on the policy set for Script Control (alert or block), the Agent will allow or block the execution of the script.
Microsoft Office macros use Visual Basic for Applications (VBA) that allows embedding code inside an Office document (typically Word, Excel, and PowerPoint). The main purpose for macros is to simplify routine actions, like manipulating data in a spreadsheet or formatting text in a document. However, malware creators can use macros to run commands and attack the system. It is assumed that a Microsoft Office macro trying to manipulate the system is a malicious action. The Agent looks for malicious actions originating from a macro that affects things outside the Microsoft Office products.
When you use script control, you should consider the following:
- Starting with Microsoft Office 2013, macros are disabled by default. Most of the time, you do not need to enable macros to view the content of an Office document. You should only enable macros for documents you receive from users you trust, and you have a good reason to enable it. Otherwise, macros should always be disabled.
- If the script launches the PowerShell console, and Script Control is set to block the PowerShell console, the script will fail. It is recommended that users change their scripts to invoke the PowerShell scripts, not the PowerShell console.
- Alert only monitors scripts running in your environment. It is recommended for initial deployment or testing.
- Block only allows scripts to run from specific folders. You should use it after you test in Alert mode.
Script Control Setting | Description |
|---|---|
Active Script | Active Script includes VBScript and Jscript. |
Macros | Microsoft Office macros use Visual Basic for Applications (VBA) to simplify routine actions, like manipulating data in a spreadsheet. |
PowerShell | PowerShell refers to PowerShell commands, including one-liners. |
Block PowerShell Console Usage | The PowerShell console is blocked. |