Control Host Sensor Actions
Threat Detection and Response (TDR) includes several features that work together to control the actions an installed Host Sensor can take on a host.
Host Sensor Settings
Host Sensor settings control the behavior of the Host Sensor.
To configure the Host Sensor settings, select the Host Ransomware Prevention Mode:
If you select Prevent, the Host Sensor takes automatic action to prevent ransomware, even if the host is not connected to the Internet or cannot communicate with your TDR account. For more information, see Host Ransomware Prevention.
A TDR user must have Administrator credentials to configure the global Host Sensor settings. A TDR user must have Operator credentials to configure Host Sensor settings in a group that take precedence over the global Host Sensor settings.
For information about how to configure global Host Sensor settings, see Configure TDR Host Sensor Settings
For information about how to configure Host Sensor settings for a group that take precedence over the global settings, see Manage TDR Groups.
Policies define the actions that a Host Sensor can take automatically based on a CYBERCON threshold and a Threat Score threshold. You can configure policies for individual hosts or groups.
For information about how configure policies for TDR, see Configure TDR Policies
For information about Threat Scores, see About TDR Threat Scores
The CYBERCON level specifies which of the configured policies are active.
For information about CYBERCON levels, see About TDR CYBERCON Levels
An exclusion identifies a path that you want all Host Sensors to ignore for file and process events. When you add an exclusion, Host Sensors ignore any events created by a file or process that originate from the specified directory. You can also include all subdirectories in the exclusion.
For more information about Exclusions, see Configure TDR Exclusions
You can also configure TDR signature overrides. Signature overrides do not affect which files are scanned by TDR, but they do affect how ThreatSync assigns a score to an event that is reported by a Host Sensor. When you add a signature override, you specify the MD5 values of a file or process and then specify whether to treat the file as safe (on the Whitelist) or malicious.
For more information, see Configure TDR Signature Overrides.