Managing policies (prevention rules)

When working in the program web interface, users with the Senior security officer role can use policies to manage prevention rules for files and processes on selected hosts. For example, you can prevent the startup of applications that you consider unsafe on a selected host with the Endpoint Sensors component. The program identifies files by their hash, using the MD5 and SHA256 hashing algorithms. You can create, delete and edit prevention rules.

Prevention rules can have the following types:

Users with the Senior security officer role can create, edit, delete, enable and disable prevention rules for the organizations whose data they can access.

Users with the Security officer role cannot access prevention rules.

All changes to prevention rules are applied on hosts after an authorized connection is established with the selected hosts. If there is no connection with the hosts, the old prevention rules continue to be applied on the hosts. Changes to prevention rules do not affect processes that are already running.

If an attempt to run a file is made before the Endpoint Sensors component is started or after the Endpoint Sensors component is shut down on a host, the file will be blocked from running. When the Endpoint Sensors component is started, the user's computer displays a notification that the file was blocked from running.

You can create only one prevention rule for each file hash.
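Because files are matched by MD5 or SHA256 hash and each hash can have only one prevention rule, it helps to compute, validate and de-duplicate hashes before entering them in the web interface. The Python helper below is an added example, not part of the program or its API; the function names, the rule dictionary layout and the sample input are assumptions made for illustration.

```python
import hashlib
import re

HASH_TYPES = {32: "MD5", 64: "SHA256"}  # hex digest length -> algorithm
HEX_RE = re.compile(r"^[0-9a-f]+$")


def file_hashes(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for a file, read in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def normalize_hash(value):
    """Return (algorithm, lowercase hex) or raise ValueError."""
    h = value.strip().lower()
    if len(h) not in HASH_TYPES or not HEX_RE.match(h):
        raise ValueError(f"not an MD5 or SHA256 hex digest: {value!r}")
    return HASH_TYPES[len(h)], h


def plan_rules(candidates, existing_hashes):
    """Split (name, hash) pairs into rules to create and entries to skip."""
    seen = {normalize_hash(h)[1] for h in existing_hashes}
    to_create, skipped = [], []
    for name, raw in candidates:
        try:
            algo, h = normalize_hash(raw)
        except ValueError as exc:
            skipped.append((name, str(exc)))
            continue
        if h in seen:  # only one rule per file hash
            skipped.append((name, "a rule for this hash already exists"))
            continue
        seen.add(h)
        to_create.append({"name": name, "type": algo, "hash": h})
    return to_create, skipped


if __name__ == "__main__":
    # Constructed sample: hash this script, then submit it twice plus a typo.
    md5_hex, sha256_hex = file_hashes(__file__)
    wanted = [("tool-sha256", sha256_hex), ("tool-dup", sha256_hex.upper()),
              ("typo", sha256_hex[:-1])]
    print(plan_rules(wanted, existing_hashes=[md5_hex]))
```

A hash identifies one exact file content, so a rebuilt or modified copy of the same application has a different hash and needs its own rule.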

In this Help section

Viewing the prevention rule table

Viewing a prevention rule

Creating a prevention rule

Enabling and disabling a prevention

Deleting a prevention rule

Filtering preventions by name

Filtering prevention rules by type

Filtering preventions by file hash

Filtering preventions by server name

Clearing a prevention rule filter
