Feature Manager
You can use the Feature Manager screen in the deployment wizard to enable or disable certain features during the installation process.
The following table describes the feature enablement options.
Feature | Description |
---|---|
File Events | Enabled by default in 23.1. Collects data regarding CREATE, RENAME, and DELETE operations on files. Collected information includes: |
Registry Events | Enabled by default in 23.1. Collects data regarding specified registry keys that you select. Collected information includes: |
Endpoint controls | Enabled by default in 23.1. With Endpoint controls, you can secure frequently exploited points of access on an endpoint, such as removable devices or incoming/outgoing connections. Endpoint controls allow organizations to enhance security posture, protect environments against a variety of threats, and reduce the attack surface. For more information, see Endpoint Controls. |
Remote Shell - restricted mode | The Remote Shell utility enables you to respond to and remediate malicious activity and Malops on a single machine. The restricted mode limits commands. For more information about restricted/secure mode, see Remote Shell Utility Use Case - Secure Mode. |
Remote Shell - unrestricted mode | The Remote Shell utility enables you to respond to and remediate malicious activity and Malops on a single machine. For more information about unrestricted mode, see Remote Shell Utility Use Case - Unrestricted. Note: To use the Remote Shell utility in unrestricted mode, enable two-factor authentication in your environment. |
File search | Enabled by default in 23.1. The file search feature allows analysts to search for problematic files when investigating malicious operations. See Search and Browse Files on Machines in the documentation for more information. Note: Enable file search with caution, as doing so may have negative effects on performance. Contact your Customer Success Manager for more details. |
Sensor tampering protection | Sensor tampering protection provides enhanced protection to the Cybereason processes running on Windows endpoints. For more information, see Sensor tampering protection. |