OneView comes with a default policy configured by the console. However, once a policy is modified, there is no way to restore the policy to its default configuration easily. To restore a policy to its default state, you must configure it manually. This article details all default policy settings with a new OneView console.
The following displays the default status for each policy option and operating system:
- ✓ Policy option is enabled.
- -- Policy option is disabled.
- X Policy option is unavailable.
Endpoint agent
For more information on each policy setting, see Configure Endpoint agent settings in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Show the Malwarebytes icon in the notification area | ✓ | ✓ | X | X | X | X |
Display real-time protection notifications | ✓ | ✓ | X | X | X | X |
Allow users to run a Threat Scan (all threats will be quarantined automatically) | ✓ | ✓ | X | X | X | X |
Show Malwarebytes shortcuts on Start menu and desktop to run Threat Scans | -- | X | X | X | X | X |
Show Malwarebytes option in context menus | ✓ | X | X | X | X | X |
Allow only Administrator level users to interact with the Malwarebytes Tray | -- | X | X | X | X | X |
Automatically download and install Malwarebytes application updates | ✓ | ✓ | X | X | X | X |
Pause endpoint agent updates | -- | X | X | X | X | X |
Automatically reboot endpoints when required | -- | -- | X | X | X | X |
Use memory caching | X | X | X | ✓ | ✓ | X |
Allow users to postpone a reboot | ✓ | ✓ | X | X | X | X |
Automatically remove endpoints not seen in 90 days | ✓ | ✓ | ✓ | X | X | X |
Provide all services with additional time to initiate | ✓ | X | X | X | X | X |
Enable service health monitoring | -- | X | X | X | X | X |
Tamper protection
For more information on each policy setting, see Configure Tamper protection options in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Uninstall Protection | ✓ | ✓ | X | X | X | X |
Service and Process Protection | ✓ | X | X | X | X | X |
Protection settings
For more information on each policy setting, see Configure Protection settings in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Web protection | ✓ | X | X | X | X | ✓ |
Exploit protection | ✓ | X | X | X | X | x |
Block potentially malicious email attachments (Outlook desktop only) | ✓ | X | X | X | X | X |
Malware protection | ✓ | ✓ | ✓ | X | X | |
Behavior protection | ✓ | X | X | ✓ | ✓ | X |
Block untrusted applications | X | ✓ | X | X | X | X |
Ad block | X | X | X | X | X | ✓ |
Self-Protection (Requires Real-time protection to be enabled) | ✓ | X | X | X | X | X |
Boot Process | -- | X | X | X | X | X |
Device Control (Set to Allow full access to the device) | ✓ | X | X | X | X | X |
Check for protection software updates (1 Hour) |
✓ | X | X | X | X | X |
Protection updates delay (No delay) | ✓ | X | X | X | X | X |
Delay real-time protection when Malwarebytes starts for (15 seconds) | -- | X | X | X | X | X |
Windows Action Center (Let Malwarebytes apply the best Windows Action Center settings) | -- | X | X | X | X | X |
Allow protection updates over expensive networks | X | X | X | -- | -- | -- |
Scan settings
For more information on each policy setting, see Configure Scan settings in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Scan the contents of compressed folders (e.g. .zip, .rar. etc.) | ✓ | X | X | X | X | X |
Detect signature-less anomalous files | ✓ | X | X | X | X | X |
Scan for rootkits on the endpoints | -- | ✓ | X | X | X | X |
Treat potentially unwanted programs (PUPs) as malware | ✓ | ✓ | X | X | X | X |
Treat potentially unwanted modifications (PUMs) as malware | ✓ | X | X | X | X | X |
Use deep scanner during a full scan | x | x | x | ✓ | ✓ | X |
Use power saver during scans | x | x | x | ✓ | X | X |
Perform scans only while charging | x | x | x | -- | -- | X |
Scan automatically after reboot | x | x | x | ✓ | ✓ | X |
Scan automatically after update | x | x | x | ✓ | ✓ | X |
Select how endpoints should prioritize scans vs system performance (Low Priority: Better multi-tasking response) | ✓ | X | X | X | X | X |
Select maximum allocation of CPU resources for scans (Low 25%) | -- | ✓ | X | X | X | X |
Endpoint Detection and Response
For more information on each policy setting, see Configure Endpoint Detection and Response options in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Suspicious activity monitoring | ✓ | ✓ | ✓ | X | X | X |
Suspicious activity monitoring on servers | ✓ | X | ✓ | X | X | X |
Enables a very aggressive detection mode | -- | X | X | X | X | X |
Collect networking events to include in searching | ✓ | X | X | X | X | X |
Flight Recorder Search | ✓ | ✓ | ✓ | X | X | X |
Ransomware Rollback | ✓ | X | X | X | X | X |
Rollback timeframe (72 Hours) | ✓ | X | X | X | X | X |
Rollback free disk space quota (30%) | ✓ | X | X | X | X | X |
Workstation rollback filesize (20 MB) | ✓ | X | X | X | X | X |
Server rollback filesize (100 MB) | ✓ | X | X | X | X | X |
Enable endpoint isolation to allow locking/unlocking of endpoints | ✓ | ✓ | ✓ | X | X | X |
Active Response Shell | ✓ | X | X | X | X | X |
Enable secure connections using certificate pinning | ✓ | X | X | X | X | X |
Brute force protection
For more information on each policy setting, see Configure Brute Force Protection in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
RDP (Port Blank) | ✓ | X | X | X | X | X |
FTP (Port 21) | -- | X | X | X | X | X |
IMAP (Port 143/9993) | -- | X | X | X | X | X |
MSSQL (Port 1433) | -- | X | X | X | X | X |
POP3 (Port 110/995) | -- | X | X | X | X | X |
SMTP (Port 25/465/587/2525) | -- | X | X | X | X | X |
Prevent private network connections from being blocked | -- | X | X | X | X | X |
Software management
For more information on each policy setting, see Configure Software management in OneView.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Allow scanning for known vulnerabilities in installed software (Vulnerability Assessment) | ✓ | -- | X | X | X | X |
Allow updating software inventory and applying available OS patches for endpoints (Patch Management) |
✓ | X | X | X | X | X |
Allow blocking chosen executables from running |
✓ | X | X | X | X | X |
Connected storage device (USB storage, etc.) | ✓ | ✓ | ✓ | X | X | X |
Physical and virtual memory of the endpoints | ✓ | ✓ | ✓ | X | X | X |
Installed startup programs on the endpoints | ✓ | ✓ | ✓ | X | X | X |
Installed software on the endpoints | ✓ | ✓ | ✓ | X | X | X |
Software updates installed on the endpoints | ✓ | ✓ | ✓ | X | X | X |