- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Capture Client Threat Protection Policy Engines
02/26/2021 
9 People found this article helpful
31,715 Views
Description
The Engine settings shows the various detection engines that scan and inspect activity.
Cause
Engine settings can be found under Security Policies-> Threat Protection-> Open Respective Policy-> Engine Settings
Resolution
Pre-Execution Engine
The SentinelOne agent leverages static AI and reputation engines to monitor files as they are written to disk.
- Reputation: This engine refers to the SentinelOne Cloud to make sure that no known malicious files are written to the disk or executed. This cannot be disabled.
- Deep File Inspection: This is a preventive Static AI engine that scans for malicious files when written to the disk and on execute.
- Deep File Inspection - Suspicious: A Static AI engine that scans for suspicious files when written to the disk and on execute, it is recommended to leave this engine enabled. The indicators in Forensics will help quickly analyze whether the file is a threat or benign. If safe, you can mark the detection as a "Mark as benign"
- Potentially unwanted applications: A Static AI engine on macOS devices that inspects applications that are not malicious, but are considered unsuitable for business networks.
Capture ATP Engine
Capture ATP Auto-Mitigation when enabled along with the DFI-Suspicious Engine allows detection of a potential threat, reports it and sends it to Capture ATP for further analysis. Based on policy settings, the verdict from Capture ATP can trigger automatic mitigation actions like "Kill & Quarantine" or "Mark as Threat"
On-Execution Engine
Monitor behavior and detect malicious activity when a process initiates.
The SentinelOne agent leverages behavioral AI engines to monitor behavior on the endpoint. When the SentinelOne agent is installed, the endpoints must be rebooted to enable the behavioral engines.
- Dynamic Behavior Tracking: A Behavioral AI engine that implements advanced machine learning tools. This engine detects malicious activities in real-time, when processes execute.
- Documents, Scripts: A Behavioral AI engine, focused on all types of documents and scripts.
- Lateral Movement: A Behavioral AI engine that detects attacks initiated by remote devices.
- Anti Exploitation / Fileless: A Behavioral AI engine, focused on exploits and all fileless attack attempts, such as web-related and command line exploits.
- Intrusion Detection: A Behavioral AI engine on Windows devices focused on insider threats such as malicious activity through PowerShell or CMD.
Related Articles
- Upgrading and Migrating Clients to Capture Client 3.6
- How do I send capture client TSR to tech support
- Recommendations for Ransomware Protection with Capture Client
YES
NO