- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Capture Client Threat Protection Auto-mitigation Actions
11/12/2021 
19 People found this article helpful
203,108 Views
Description
This KB explains about Different types on Capture Client Threat Protection Auto-mitigation Actions available
Resolution
The Agent mitigates threats automatically based on configured auto-mitigation action, if its policy is set to Protect. When you analyze Active threats, you see the mitigation actions that the Agent applied automatically.
The Available Policy mode Options for Threats are :
- Detect (Alert Only): This feature only provides threat Alert only .
- Protect (Kill and Quarantine)
Following are the Protection and Containment options when the policy mode is set to Protect:
Kill - Stops processes. Active content in documents, executables, and sub-processes are stopped. The Agent enables Kill for processes that act against normal endpoint behavior or do not fit the actions of the application the process is hiding in.
Quarantine - Stops processes, encrypts the executable, and moves it to a confined path. If a threat is known, the Agent automatically kills the threat before it can execute. The only mitigation action for you is Quarantine.
Remediate - Stops processes, quarantines binaries, removes linked libraries, deletes seed files, and restores configuration of the OS, application, and user settings to the state before the attack began.
Rollback - (Windows only) restores the endpoint to a saved point. This option is best for ransomware mitigation and disaster recovery. It can remove legitimate work done since the last VSS snapshot.
Disconnect from network - The Agent can communicate only with the Management Console. The endpoint cannot communicate with other components on the network.
The Following are the policy mode options for Suspicious which includes:
- Detect (Alert Only)
- Protect (Kill and Quarantine)
- Capture ATP (Auto Mitigate)
Capture ATP Mitigation mode detects a potential threat,reports it and sends it to Capture ATP for further analysis.Depending on the Capture ATP verdict , action can be be taken accordingly.
Note: macOS versions - do not support Rollback
Related Articles
- How to manage Content Filter Client Licenses from the EPRS portal for the GEN7 devices?
- SentinelOne agent version availability with SonicWall Capture Client
- Capture Client - system requirements
YES
NO