Capture Client Threat Protection Policy Engines
02/26/2021
Description
The Engine Settings page lists the detection engines that scan files and inspect activity on the endpoint.
Cause
Engine settings can be found under Security Policies -> Threat Protection -> open the respective policy -> Engine Settings.
Resolution
Pre-Execution Engine
The SentinelOne agent leverages static AI and reputation engines to monitor files as they are written to disk.
- Reputation: This engine refers to the SentinelOne Cloud to make sure that no known malicious files are written to the disk or executed. This cannot be disabled.
- Deep File Inspection: This is a preventive Static AI engine that scans for malicious files when written to the disk and on execute.
- Deep File Inspection - Suspicious: A Static AI engine that scans for suspicious files when written to the disk and on execute. It is recommended to leave this engine enabled. The indicators in Forensics help you quickly analyze whether the file is a threat or benign; if it is safe, you can resolve the detection with "Mark as benign".
- Potentially unwanted applications: A Static AI engine on macOS devices that inspects applications that are not malicious, but are considered unsuitable for business networks.
Capture ATP Engine
When Capture ATP Auto-Mitigation is enabled together with the DFI - Suspicious engine, a potential threat is detected, reported, and sent to Capture ATP for further analysis. Based on the policy settings, the verdict from Capture ATP can trigger automatic mitigation actions such as "Kill & Quarantine" or "Mark as Threat".
On-Execution Engine
Monitors behavior and detects malicious activity when a process starts.
The SentinelOne agent leverages behavioral AI engines to monitor behavior on the endpoint. When the SentinelOne agent is installed, the endpoints must be rebooted to enable the behavioral engines.
- Dynamic Behavior Tracking: A Behavioral AI engine that implements advanced machine learning tools. This engine detects malicious activities in real-time, when processes execute.
- Documents, Scripts: A Behavioral AI engine, focused on all types of documents and scripts.
- Lateral Movement: A Behavioral AI engine that detects attacks initiated by remote devices.
- Anti Exploitation / Fileless: A Behavioral AI engine, focused on exploits and all fileless attack attempts, such as web-related and command line exploits.
- Intrusion Detection: A Behavioral AI engine on Windows devices focused on insider threats such as malicious activity through PowerShell or CMD.
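The engine descriptions above imply a few consistency rules for a policy: Reputation cannot be disabled, Capture ATP Auto-Mitigation only produces candidates when DFI - Suspicious is on, behavioral engines need a post-install reboot, and two engines are platform-specific. The following is an added audit example, not SonicWall or SentinelOne code; the policy dict layout, the `platform` key and the `endpoint_rebooted` flag are constructed stand-ins for the Engine Settings page, not the Capture Client API or any export format.

```python
# Added illustration, not SonicWall/SentinelOne code: the policy dict is a constructed
# stand-in for the Engine Settings page, not the Capture Client API or export format.
STATIC_ENGINES = (
    "Reputation",
    "Deep File Inspection",
    "Deep File Inspection - Suspicious",
    "Potentially unwanted applications",
)
BEHAVIORAL_ENGINES = (
    "Dynamic Behavior Tracking",
    "Documents, Scripts",
    "Lateral Movement",
    "Anti Exploitation / Fileless",
    "Intrusion Detection",
)
ALL_ENGINES = STATIC_ENGINES + BEHAVIORAL_ENGINES
# Platform scoping taken from the engine descriptions in the article.
PLATFORM_ONLY = {"Potentially unwanted applications": "macos", "Intrusion Detection": "windows"}


def audit_policy(policy: dict, endpoint_rebooted: bool = True) -> list[str]:
    """Return findings for one Threat Protection policy; an empty list means no issues."""
    engines = policy.get("engines", {})
    platform = policy.get("platform", "windows")
    findings = []
    # Reputation cannot be disabled, so a policy claiming it is off is inconsistent.
    if engines.get("Reputation") is False:
        findings.append("Reputation is marked disabled, but this engine cannot be turned off")
    # Capture ATP Auto-Mitigation depends on DFI - Suspicious to surface candidate files.
    if policy.get("capture_atp_auto_mitigation") and not engines.get("Deep File Inspection - Suspicious"):
        findings.append("Capture ATP Auto-Mitigation is on, but DFI - Suspicious is off: "
                        "no suspicious files will be sent to Capture ATP")
    # Behavioral engines only take effect after the endpoint reboots following agent install.
    if any(engines.get(e) for e in BEHAVIORAL_ENGINES) and not endpoint_rebooted:
        findings.append("Behavioral engines enabled, but endpoint not rebooted since agent install")
    # Engines described as platform-specific have no effect elsewhere.
    for engine, only_on in PLATFORM_ONLY.items():
        if engines.get(engine) and platform != only_on:
            findings.append(f"{engine} is enabled but applies to {only_on} devices only")
    # Every engine should be set explicitly rather than left to a default.
    for engine in ALL_ENGINES:
        if engine not in engines:
            findings.append(f"{engine} is not set explicitly in the policy")
    return findings
```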