| 1. | Right-click on the application icon in the notification area to open context menu. Then choose Settings to open Application settings window. |
| 2. | Check Enable automatic processing of incidents and click Configure. |
| 3. | Under Incidents tab you can set automatic decisions on different incidents. |
Following types of incidents are available:
| • | Launching unknown application - attempt to launch any application which was not installed before system profile creation. Exception is made for installers with certificate from trusted Certificate Authority. |
| • | Launching unknown installer/updater – attempt to launch any installer without certificate from trusted Certificate Authority or with expired certificate. |
| • | Control policy violation – any violations of application activity policies by applications with adjusted activity restrictions (access to file system, registry etc.). |
Following decisions on Launching unknown application are available:
| • | Execute in a limited mode – launch application in a sandbox. |
| • | Scan and execute in a limited mode after – scan and launch application in a sandbox if no malicious code was detected. |
| • | Execute in install mode - launch application and add to system profile as trusted. |
| • | Scan and execute in install mode after - scan and launch application if no malicious code was detected. Add application to system profile as trusted. |
| • | Block – prevent application from launching |
Following decisions on Launching unknown installer/updater are available:
| • | Install – launch installer/updater and add all new modules to the system profile as trusted. |
| • | Scan and install after – scan and launch installer/updater if no malicious code was detected. Add all new application’s modules to system profile as trusted. |
| • | Install in a limited mode - launch installer/updater in a sandbox. |
| • | Scan and install in a limited mode after - scan and launch installer/updater in a sandbox if no malicious code was detected. |
| • | Block – prevent installer from launching |
Following decisions on control policy violation are available:
| • | Allow – operation which is not allowed by the SysWatch’s control policy will be permitted. |
| • | Scan and allow after - operation which is not allowed by the SysWatch’s control policy will be permitted, if no malicious code was detected. |
| • | Block - operation which is not allowed by the SysWatch’s control policy will be blocked. |
| • | Block and Kill application - operation which is not allowed by the SysWatch’s control policy will be blocked and the process initiated this operation will be stopped. |
You can also set additional parameters:
Delayed decision – in case of an incident, automatic decision will be made after the delay, if no manual decision were made.
Remember decision on session - in case of an incident, automatic decisions on application’s operations will be made until it will be stopped (applicable for Control policy violation only).
Decide on the administering computer - applicable for corporate products only. Decision will be made by the administrator remotely via management console - Admin Explorer.
|
