Endpoint Security includes Malware Detection, Endpoint Secure, and Patch Check.
3.9.4.1.1 Malware Detection
Sangfor Malware Detection combines botnet behavior analysis with signature recognition to identify and block suspected Trojan malware in the LAN security domain. It has built-in cloud security detection technology: unknown risks are submitted to the cloud virtual sandbox for execution, and the resulting analysis report is returned, effectively preventing hosts from accessing illegal or malicious URLs.
Select Enabled.
Excluded Addresses: Add the IP addresses that do not need to be detected and can be whitelisted.
Excluded Websites: Add the Websites that do not need to be detected and can be whitelisted.
Action: You can Give Alert (combined with the System > General > Alarm Option), Block access to malicious URLs, or Block source IP.
3.9.4.1.2 Endpoint Secure
As an endpoint detection and response platform and a lightweight endpoint + management platform solution, Sangfor Endpoint Secure utilizes the capability of constant detection of endpoint threats and the response option of isolating threat events with one click. The Sangfor Endpoint Secure, with correlated response in combination with NGAF, IAG, and Cyber Command products, constitutes the new generation of secure protection systems.
This function applies to scenarios already using Endpoint Secure products. In the endpoint deployment of Endpoint Secure, Correlation to Sangfor IAG is added. See the picture below:
In the IAG endpoint's Endpoint Secure page, enter the IP address of the Endpoint Secure platform to connect to the platform.
After the connection is completed, the page displays Endpoint Secure's service information, the number of connected endpoints, and correlated actions.
Click Go to Endpoint Secure to go to the management platform of Endpoint Secure.
Click View Correlation Details to go to the details page of the correlated endpoint.
Click Push Configuration to enable this function and configure the Applicable Object of this policy. It pushes a reminder web page prompting deployment of the Endpoint Secure client to endpoints within the applicable scope, helping roll out the Endpoint Secure client across the LAN.
Enable Push Configuration: This function is disabled by default. Enable it on demand.
Applicable Object: the LAN IP addresses or IP segments to which the policy applies.
Redirection URL: for generating, copying, and adding to the Endpoint Secure (SANGFOR ENDPOINT SECURE) device connection configuration.
Interval(s): the interval at which the web page is pushed to clients that do not have the agent installed. It is 300s by default.
For endpoints within the applicable address scope that do not have the agent installed, the timed redirection page is as follows:
Upon receiving this redirection page, download the corresponding installation package for the operating system to the client and complete the installation.
Only redirection of HTTP web page access is supported; HTTPS web page access is not redirected.
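To make the push behavior above concrete, the following is an added example (not Sangfor code, and not the IAG's actual implementation) that models the decision an in-path device must make for each client request: the function is enabled only on demand, applies only to clients inside the Applicable Object scope that do not yet report an installed agent, redirects only plain HTTP requests, and re-pushes the reminder page no more often than once per interval (300s by default). The class and function names (PushConfig, should_redirect, simulate), the placeholder redirect URL, and the sample request log are all constructed for this example.

```python
"""Model of the Endpoint Secure push-redirection behaviour (added example, not Sangfor code)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PushConfig:
    # Disabled by default; enable on demand (mirrors the "Enable Push Configuration" switch).
    enabled: bool = False
    # Applicable Object: LAN IP addresses or CIDR segments (hypothetical sample values).
    applicable_objects: list = field(default_factory=list)
    # Placeholder URL for the installation reminder page.
    redirect_url: str = "http://endpoint-secure.example.invalid/install"
    # Interval(s) between pushes to the same client; 300s by default.
    interval_s: int = 300
    # Constructed stand-in for the platform's list of endpoints with the agent installed.
    agent_installed: set = field(default_factory=set)
    # client IP -> timestamp of the last redirect we issued to it.
    last_push: dict = field(default_factory=dict)

    def in_scope(self, client_ip: str) -> bool:
        """True if the client falls inside any configured IP address or segment."""
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(obj, strict=False)
                   for obj in self.applicable_objects)

    def should_redirect(self, client_ip: str, scheme: str, now: int) -> bool:
        """Decide whether this request gets the timed redirection page."""
        if not self.enabled:
            return False
        if scheme != "http":          # only plain HTTP access is redirected
            return False
        if not self.in_scope(client_ip):
            return False
        if client_ip in self.agent_installed:
            return False              # already deployed, nothing to remind
        last = self.last_push.get(client_ip)
        if last is not None and now - last < self.interval_s:
            return False              # still inside the push interval
        self.last_push[client_ip] = now
        return True


def simulate(config: PushConfig, requests: list) -> list:
    """Apply should_redirect to a (client_ip, scheme, timestamp) sequence in order."""
    return [config.should_redirect(ip, scheme, ts) for ip, scheme, ts in requests]


def demo() -> list:
    """Constructed request log covering scope, agent state, scheme and interval cases."""
    config = PushConfig(enabled=True,
                        applicable_objects=["192.0.2.0/24"],
                        agent_installed={"192.0.2.20"})
    requests = [
        ("192.0.2.10", "http", 0),        # in scope, no agent: pushed
        ("192.0.2.10", "http", 100),      # same client, within 300s: suppressed
        ("192.0.2.10", "http", 300),      # interval elapsed: pushed again
        ("192.0.2.20", "http", 0),        # agent installed: never pushed
        ("192.0.2.10", "https", 1000),    # HTTPS: not redirected
        ("198.51.100.5", "http", 0),      # outside Applicable Object: ignored
    ]
    return simulate(config, requests)


if __name__ == "__main__":
    print(demo())  # [True, False, True, False, False, False]
```

The interval check is the part worth noticing when planning a rollout: a client that ignores the reminder sees it again only after the configured interval, so shortening Interval(s) raises the nag rate for every un-deployed endpoint in scope, not just the stragglers.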
Click Disconnect from SANGFOR ENDPOINT SECURE to disconnect the correlation between the device and Endpoint Secure.
3.9.4.1.3 Patch Check
The Windows patch detection function promptly detects patches not yet installed on the client computer and prompts the user to update, so that users with limited security awareness actively improve the security of the operating system, and administrators are relieved of some of the LAN security workload.
See details in Patch Detection Rule.