| Module | Level 1 Directory | Level 2 Directory | Risky Operation | Description | Risk Level | Response |
| --- | --- | --- | --- | --- | --- | --- |
| Policies | General Policies | Anti-Malware | The action for a detected threat file is set to Auto Fix - Security First. | A business file may be quarantined due to a false positive, which can cause a system error. | High | Set the action for a detected threat file to Auto Fix - Business Continuity First. |
| Policies | General Policies | Anti-Malware | The engine is set to High Detection Rate for daily operations. | The virus detection rate is higher in High Detection Rate mode, resulting in more false positives. We recommend using this mode only when you test the virus detection rate. | High | Do not set the engine to High Detection Rate for daily operations. |
| Policies | General Policies | Realtime Protection | In the Realtime File Protection section, the action to take for a detected threat file is set to Auto Fix - Security First. | A business file may be quarantined due to a false positive, which can cause a system error. | High | Set the action for a detected threat file to Auto Fix - Business Continuity First. |
| Detection and Response | Anti-Malware | Scan Mode | When the server performance is insufficient, the scan mode is set to High CPU. | In High CPU mode, a scan consumes more endpoint CPU resources. This affects the system services if the server performance is insufficient. We recommend that you set the scan mode to Balanced by default. | High | When the server performance is insufficient, set the scan mode to Low CPU or Adaptive. |
| Detection and Response | Target Assets | / | Endpoint isolation | An isolated endpoint cannot access any other networks. If a server is isolated, your business may be affected. | High | Go to Detection and Response > Target Assets > Isolated, and remove the endpoint from isolation. |
| Detection and Response | Response | Endpoint Isolation | Isolation | An isolated endpoint cannot access any other networks. If a server is isolated, your business may be affected. | High | Go to Detection and Response > Response > Endpoint Isolation, and remove the asset from isolation. |
| Detection and Response | Response | Domain Isolation | Domain name and IP address isolation | An isolated domain name or IP address is not accessible to endpoints. Your business may be affected if an isolated domain or IP address is required for a service. | High | Go to Detection and Response > Response > Domain Blocking, and remove the domain name or IP address from isolation. |
| Detection and Response | Response | Process Killing | Process Killing | A process blocked on an endpoint is killed. Your business may be affected if the process is required for a service. | High | Restart the process on the endpoint. |
| Detection and Response | Response | File Quarantine | File quarantine | A file is quarantined. Your business may be affected if the file is required for a service. | High | Go to Detection and Response > Response > File Quarantine, and remove the file from the Quarantine area. You can also perform file restoration on an integrated device. |
| Risk Assessment | Vulnerability Remediation | Patching | Some vulnerability fixes require a system restart to take effect. Your business will be interrupted if you specify to restart the server automatically after fixing a vulnerability. | Your business is interrupted due to a server restart. | High | We recommend that you do not specify to automatically restart the server after fixing a vulnerability. Instead, you can manually restart the server when the restart causes a minimal business impact. |
| Policies | General Policies | Anti-Ransomware | You have enabled the trusted process whitelist, but have not added server service processes to the whitelist. | Key server services cannot run, resulting in business interruption. | High | Add server service processes to the whitelist. |