Threat settings
Threat settings provide different options for handling files detected by the agent. Threats are classified as either Unsafe or Abnormal.
Threat Setting | Description |
---|---|
Allow Execution in Threat Exclusion Folders | Use this option to allow execution of files in Threat Exclusion folders in addition to exclusion of threats found during File Watcher and Background Threat Detection. |
Auto Delete Quarantine | Use this option to automatically delete quarantined files after a specified number of days. This applies to all devices assigned to the policy. The minimum number of days is one. The number of days starts when the file was first quarantined. This action is included in the Agent log file for verification. If this feature is not enabled, the quarantined files will remain on the device until they are manually deleted. |
Auto Quarantine Abnormal Files | Use this option to quarantine an abnormal file to prevent it from executing. On a device, quarantining a file will move the file from its original location to the Cylance Quarantine directory. Some malware is designed to drop other files in certain directories. This malware will continue to do so until the file is successfully dropped. To stop the malware from continually dropping the removed file, the Agent will modify the dropped file so it won’t execute and leave it in the folder. Auto Quarantine Unsafe Files must be selected for Auto Quarantine Abnormal Files to be available. |
Auto Quarantine Unsafe Files | Use this option to quarantine an unsafe file to prevent it from executing. On a device, quarantining a file will move the file from its original location to the Cylance Quarantine directory. Some malware is designed to drop other files in certain directories. This malware will continue to do so until the file is successfully dropped. To stop the malware from continually dropping the removed file, the Agent will modify the dropped file so it won’t execute and leave it in the folder. Auto Quarantine Unsafe Files must be selected for Auto Quarantine Abnormal Files to be available. |
Background Threat Detection | Use this option to perform a full disk scan to detect and analyze any dormant threats on the disk. The full disk scan is designed to minimize impact to the end-user by using a low amount of system resources. The user can choose to run the scan once (upon installation only) or on a recurring basis (which performs a scan every 9 days). A significant upgrade to the Cylance model, like adding new operating systems, will also trigger a full disk scan. Each time a new scan is performed, all files will be rescanned. It is recommended that users set Background Threat Detection to Run Once. Due to the predictive nature of the CylancePROTECT Desktop technology, periodic scans of the entire disk are not necessary but can be implemented for compliance purposes. |
Copy File Samples | Use this option to allow users to specify a network share where file samples can be copied. This allows you to do your own analysis of files the Agent considers Unsafe or Abnormal. |
File Watcher | Use this option to detect and analyze any new or modified files for dormant threats. You should enable File Watcher. However, if Auto Quarantine is enabled for all Unsafe or Abnormal files, all malicious files will be blocked at execution. Hence, it is not necessary to enable File Watcher with Auto Quarantine mode unless you prefer to quarantine a file as it is added to a disk (File Watcher) but before execution (Auto-Quarantine). |
Scan Archive | Use this option to set the maximum archive file size the Agent will scan. This setting applies to Background Threat Detection and File Watcher. |