Agent settings: Other security settings

Tools > Security and Compliance > Agent settings > Security > Other security settings

Use the Other security settings dialog box to specify and save a collection of security settings.

About the Spyware page

Use this page to enable real-time spyware detection and notification on devices with this agent configuration.

Real-time spyware detection checks only for spyware definitions that reside in the Scan group, and that have autofix turned on. You can either manually enable the autofix option for downloaded spyware definitions, or configure spyware definition updates so that the autofix option is automatically enabled when they are downloaded.

Real-time spyware detection monitors devices for new launched processes that attempt to modify the local registry. If spyware is detected, the security scanner on the device prompts the end user to remove the spyware.

This page contains the following options:

  • Enable real-time spyware blocking: Turns on real-time spyware monitoring and blocking on devices with this agent configuration.

NOTE: In order for real-time spyware scanning and detection to work, you must manually enable the autofix feature for any downloaded spyware definitions you want included in a security scan. Downloaded spyware definitions don't have autofix turned on by default.

  • Notify user when spyware has been blocked: Displays a message that informs the end user that a spyware program has been detected and remediated.
  • If an application is not recognized as spyware, require user's approval before it can be installed: Even if the detected process is not recognized as spyware according to the device's current list of spyware definitions, the end user will be prompted before the software is installed on their computer.

About the Application Blocker page

Use this page to enable real-time unauthorized application blocking and notification. Real-time application blocker checks only for applications that reside in the Scan group.

With real-time application blocking, remediation isn't a separate task. Application blocking takes place as part of the security scan itself, by editing the registry on the local hard drive to disable user access to those unauthorized applications. Security services uses the softmon.exe feature to deny access to specified application executables even if the executable file name has been modified, because softmon.exe reads the file header information.

This page contains the following options:

  • Enable blocking of unauthorized applications: Turns on real-time application blocking on devices with this agent configuration.
  • Notify user when an application has been blocked: Displays a message that informs the end user they have attempted to launch an unauthorized application and access has been denied.