Emotet, LemonDuck, and PowerMiner are the latest entries in the list of malware that could potentially harm your device. Because McAfee stays one step ahead of these infections, its Adaptive Threat Protection (ATP) feature can counter these malware families as well. This article explains what ATP is and how to set ATP rules to prevent attacks from these malware families.
What is Adaptive Threat Protection?
ATP comes into action when your device's operating system is at risk and attackers use it to infect your device with threats. Certain ATP rules address the attack surface: when you apply them to your device, they actively detect suspicious activity on your OS. Legitimate apps can sometimes cause the same activity, so be extra careful when setting rules.
ATP has detected a large number of pieces of malware since the beginning of this year. The rules were set on McAfee Endpoint Security (ENS) 10.5.3 and above and have given tremendous results. The following sections cover the three types of ATP rules and how to enable them.
An overview of three types of ATP rules
Evaluate, DefaultOn, and HighOn are the three basic and most effective rules that you can set within ATP.
- Evaluate rules: when the user sets a rule, it goes into evaluation mode for a period of time. During this period, McAfee researchers analyze whether the rule is effective enough to detect suspicious or malicious activity. The research team also ensures the rule has no negative impact on your PC. Once the analysis is complete, the team makes the desired changes to the rule or promotes it to one of the other types.
- DefaultOn rules: these rules are created when McAfee's team has complete trust that no program or app can impact anything.
- HighOn rules: these rules apply to every behavior occurring on your device, whether from malicious or non-malicious apps. In the Balanced rule group, HighOn rules are set to Observe mode. Sometimes a HighOn rule also acts as the former type of rule.
Steps to enable ATP rules using McAfee Endpoint Security version 10.5.3 and higher
Before enabling these rules, note that most ATP rules are set to ‘Observe’ mode by default. From Observe mode, you can easily switch to active-blocking mode using the ePO Console. To set the rule:
- Go to the menu of your ePO Console.
- Click the ‘Configuration’ option.
- Select ‘Server Settings’.
- On the Server Settings page, click Adaptive Threat Protection under Settings Categories.
- Choose one of the three rule groups: Productivity, Balanced, or Security.
Once you set a rule, McAfee’s research team will analyze and modify it from time to time to ensure the safety of your device. You can also edit a rule by clicking the ‘Edit’ option below that rule. If you later see changes to the rules, do not worry: they were made by McAfee’s research team.