Hi Karl & Team,
I thought this question might be of general interest.
What is the plan about the green/grey "on-off" buttons which can turn off specific protection features for up to 4 hours in the Intercept-X agent setting tab?
Will there be a new on/off button for ML-Detections?
Will there be an individual on/off button for "Active Adversary" protection features?
We will not have local override on the EP for ML or active adversary when tamper protection is disabled.
There will be a policy control for ML in Central that can be turned on/off.
To disable Active Adversary protections you need to disable the exploit protections in Central.
As a general practice we would like customers to leave the protections enabled and use the suppression mechanisms to address false positive detection.
- For ML that is the global "allowed applications"
- You add an application to the allowed application list from the detection event during EAP
- For Active Adversary/Exploits in general suppression/exclusion is through Scanning exclusions in the policy for detected exploit activity. This is a narrow suppression of the specific technique detected for the application, so other applications are still protected from the technique and other techniques are still monitored for in the application.