Feature Manager

You can use the Feature manager screen in the deployment wizard to enable or disable certain features during the installation process.


The following table describes the feature enablement options.

Feature

Description

File Events

Enabled by default in 23.1.

Collects data on CREATE, RENAME, and DELETE operations on files.

Collected information includes:

  • Event type

  • The first time Cybereason collected the file event

  • The file on which the file event is performed

  • The machine on which the file event occurs

  • The process that performed the file event

  • The user currently logged into the machine on which the file event occurs

Registry Events

Enabled by default in 23.1.

Collects data on the registry keys that you select.

Collected information includes:

  • Registry key associated with this registry event

  • Path to the registry key

  • Data and data type in the registry key

  • Process and machine for the registry key associated with the registry event

Endpoint controls

Enabled by default in 23.1.

With Endpoint controls, you can secure frequently exploited points of access on an endpoint, such as removable devices or incoming/outgoing connections. Endpoint controls allow organizations to enhance security posture, protect environments against a variety of threats, and reduce the attack surface.

For more information, see Endpoint Controls.

Remote Shell - restricted mode

The Remote Shell utility enables you to respond to and remediate malicious activity and Malops on a single machine. Restricted mode limits the commands that can be run. For more information about restricted/secure mode, see Remote Shell Utility Use Case - Secure Mode.

Remote Shell - unrestricted mode

The Remote Shell utility enables you to respond to and remediate malicious activity and Malops on a single machine. For more information about unrestricted mode, see Remote Shell Utility Use Case - Unrestricted.

Note

To use the Remote Shell utility in unrestricted mode, enable two-factor authentication in your environment.

File search

Enabled by default in 23.1.

The file search feature allows analysts to search for problematic files when investigating malicious operations. See Search and Browse Files on Machines in the documentation for more information.

Note

Enable file search with caution, as doing so may have negative effects on performance. Contact your Customer Success Manager for more details.

Sensor tampering protection

Sensor tampering protection provides enhanced protection to the Cybereason processes running on Windows endpoints. For more information, see Sensor tampering protection.