Review the actions taken by the endpoint agent when using aggressive mode with prevention selected.
When you set the detection mode of an endpoint agent to Aggressive mode and select the Prevention action, the agent automatically performs response actions based on the ActiveActions for Standard Endpoint Protection or Server & Workload Protection. The tables below list the action taken for each malware type. Where a second action is listed, it is applied when the first action cannot be completed (for example, a virus that cannot be cleaned is quarantined). Note that the two products handle some types differently: a CVE exploit is passed under Standard Endpoint Protection but quarantined under Server & Workload Protection, and the Linux and Solaris agents apply their own fallbacks for test viruses and joke programs.
Standard Endpoint Protection ActiveActions

Malware Type | First Action | Second Action
CVE exploit | Pass | N/A
Joke | Quarantine | N/A
Trojans | Quarantine | N/A
Virus | Clean | Quarantine
Test virus | Deny access | N/A
Packer | Quarantine | N/A
Others | Clean | Quarantine
Probable malware | Pass | N/A

Server & Workload Protection ActiveActions

Malware Type | Action
Virus | Clean. If a virus cannot be cleaned, it is deleted (Windows) or quarantined (Linux or Solaris). If the virus is a "Test Virus", a Linux or Solaris agent applies the "deny access" action.
Trojans | Quarantine
Packer | Quarantine
Spyware | Quarantine
CVE Exploit | Quarantine
Aggressive Detection Rule | Pass (this setting detects more issues but may also produce more false positives, so the default action is only to raise an event)
Other threats | Clean. If a threat cannot be cleaned, it is handled as follows: if a virus of type "Joke" is found on a Linux or Solaris agent, it is quarantined immediately, with no attempt made to clean it.
Possible malware | Pass
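The following is an added illustration, not code from Trend Micro or from this page: a small Python model that resolves the final response action an ActiveActions policy yields for a given detection. It encodes the two tables above together with the platform-specific fallback rules from the Server & Workload Protection table (delete on Windows versus quarantine on Linux/Solaris when a clean fails, deny access for a test virus on Linux/Solaris, immediate quarantine of a joke program on Linux/Solaris). The `Detection` type, the `NotSpecified` exception and the sample detections are assumptions introduced for the example; combinations the page leaves undefined (for example a test virus on Windows under Server & Workload Protection) raise `NotSpecified` rather than guessing an outcome.

```python
"""Added illustration (not Trend Micro code): resolve the final response
action an ActiveActions policy yields for a given detection, using the
two tables on this page and their stated platform-specific fallbacks.
"""
from dataclasses import dataclass

# Standard Endpoint Protection: (first action, second action or None).
# The second action is applied when the first cannot be completed.
SEP_ACTIVE_ACTIONS = {
    "cve exploit": ("Pass", None),
    "joke": ("Quarantine", None),
    "trojans": ("Quarantine", None),
    "virus": ("Clean", "Quarantine"),
    "test virus": ("Deny access", None),
    "packer": ("Quarantine", None),
    "others": ("Clean", "Quarantine"),
    "probable malware": ("Pass", None),
}

# Server & Workload Protection: base action per malware type. The
# platform-specific fallback rules are applied in resolve_swp().
SWP_ACTIVE_ACTIONS = {
    "virus": "Clean",
    "trojans": "Quarantine",
    "packer": "Quarantine",
    "spyware": "Quarantine",
    "cve exploit": "Quarantine",
    "aggressive detection rule": "Pass",
    "other threats": "Clean",
    "possible malware": "Pass",
}

UNIX_LIKE = {"linux", "solaris"}


class NotSpecified(Exception):
    """Raised for a combination whose outcome the page does not state."""


@dataclass(frozen=True)
class Detection:
    """Hypothetical detection record (assumed shape, not a product type)."""
    malware_type: str
    platform: str = "windows"      # "windows", "linux" or "solaris"
    clean_succeeds: bool = True    # outcome of a Clean attempt, if one is made


def resolve_sep(det: Detection) -> str:
    """Final action under Standard Endpoint Protection ActiveActions."""
    first, second = SEP_ACTIVE_ACTIONS[det.malware_type.lower()]
    if first == "Clean" and not det.clean_succeeds:
        return second   # every Clean row in that table has a second action
    return first


def resolve_swp(det: Detection) -> str:
    """Final action under Server & Workload Protection ActiveActions."""
    mtype = det.malware_type.lower()
    platform = det.platform.lower()
    unix_like = platform in UNIX_LIKE

    # Note under "Virus": a test virus on Linux/Solaris is denied access.
    if mtype == "test virus":
        if unix_like:
            return "Deny access"
        raise NotSpecified("test virus on Windows is not covered by the page")

    # Note under "Other threats": a Joke on Linux/Solaris is quarantined
    # immediately, with no clean attempt. Elsewhere it is an "other threat".
    if mtype == "joke":
        if unix_like:
            return "Quarantine"
        mtype = "other threats"

    base = SWP_ACTIVE_ACTIONS[mtype]
    if base != "Clean" or det.clean_succeeds:
        return base

    # Clean failed: the page states the fallback only for the Virus row.
    if mtype == "virus":
        return "Quarantine" if unix_like else "Delete"
    raise NotSpecified(f"uncleanable {mtype} on {platform} is not covered")


if __name__ == "__main__":
    # Constructed sample detections, not real agent telemetry.
    samples = (
        Detection("Virus", "windows", clean_succeeds=False),
        Detection("Virus", "linux", clean_succeeds=False),
        Detection("Test virus", "solaris"),
        Detection("Joke", "linux"),
        Detection("Aggressive Detection Rule", "linux"),
    )
    for det in samples:
        print(f"SWP {det.malware_type:>25} on {det.platform:<7}: {resolve_swp(det)}")
    print(f"SEP uncleanable virus: {resolve_sep(Detection('Virus', clean_succeeds=False))}")
```

Because the model raises `NotSpecified` instead of inventing a fallback, running it against a set of expected detections is a quick way to find the cases where a change to the product tables would leave the response behaviour undefined for a given platform.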