PSFalcon

2.2.5

policy/windows.json

                                [{"phase":"1","platform_name":"windows","prevention_settings":[{"id":"EndUserNotifications","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"UnknownDetectionRelatedExecutables","type":"toggle","value":{"enabled":true}},{"id":"UnknownExecutables","type":"toggle","value":{"enabled":true}},{"id":"SensorTamperingProtection","type":"toggle","value":{"enabled":true}},{"id":"AdditionalUserModeData","type":"toggle","value":{"enabled":true}},{"id":"InterpreterProtection","type":"toggle","value":{"enabled":true}},{"id":"EngineProtectionV2","type":"toggle","value":{"enabled":true}},{"id":"ScriptBasedExecutionMonitoring","type":"toggle","value":{"enabled":false}},{"id":"HTTPDetections","type":"toggle","value":{"enabled":true}},{"id":"RedactHTTPDetectionDetails","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"HardwareEnhancedExploitDetection","type":"toggle","value":{"enabled":true}},{"id":"MemoryScan","type":"toggle","value":{"enabled":true}},{"id":"CPUMemoryScan","type":"toggle","value":{"enabled":false}},{"id":"FirmwareAnalysisExtraction","type":"toggle","value":{"enabled":false}},{"id":"CloudAntiMalware","type":"mlslider","value":{"detection":"MODERATE","prevention":"DISABLED"}},{"id":"AdwarePUP","type":"mlslider","value":{"detection":"MODERATE","prevention":"DISABLED"}},{"id":"OnSensorMLSlider","type":"mlslider","value":{"detection":"MODERATE","prevention":"DISABLED"}},{"id":"OnSensorMLSliderForSensorEndUserScans","type":"mlslider","value":{"detection":"MODERATE","prevention":"DISABLED"}},{"id":"OnSensorMLSliderForCloudEndUserScans","type":"mlslider","value":{"detection":"MODERATE","prevention":"DISABLED"}},{"id":"USBInsertionTriggeredScan","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"DetectOnWrite","type":"toggle","value":{"enabled":true}},{"id":"QuarantineOnWrite","type":"toggle","value":{"enabled":false}},{"id":"NextGenAV","type":"toggle","value":{"enabled":false}},{"id":"NextGenAVQuarantineOnRemovableMedia","type":"toggle","value":{"enabled":true}},{"id":"CustomBlacklisting","type":"toggle","value":{"enabled":true}},{"id":"PreventSuspiciousProcesses","type":"toggle","value":{"enabled":false}},{"id":"SuspiciousRegistryOperations","type":"toggle","value":{"enabled":false}},{"id":"MaliciousPowershell","type":"toggle","value":{"enabled":false}},{"id":"IntelPrevention","type":"toggle","value":{"enabled":true}},{"id":"SuspiciousKernelDrivers","type":"toggle","value":{"enabled":true}},{"id":"ForceASLR","type":"toggle","value":{"enabled":false}},{"id":"ForceDEP","type":"toggle","value":{"enabled":false}},{"id":"HeapSprayPreallocation","type":"toggle","value":{"enabled":false}},{"id":"NullPageAllocation","type":"toggle","value":{"enabled":false}},{"id":"SEHOverwriteProtection","type":"toggle","value":{"enabled":false}},{"id":"BackupDeletion","type":"toggle","value":{"enabled":true}},{"id":"Cryptowall","type":"toggle","value":{"enabled":true}},{"id":"FileEncryption","type":"toggle","value":{"enabled":true}},{"id":"Locky","type":"toggle","value":{"enabled":true}},{"id":"FileSystemAccess","type":"toggle","value":{"enabled":true}},{"id":"VolumeShadowCopyAudit","type":"toggle","value":{"enabled":true}},{"id":"VolumeShadowCopyProtect","type":"toggle","value":{"enabled":false}},{"id":"ApplicationExploitationActivity","type":"toggle","value":{"enabled":true}},{"id":"ChopperWebshell","type":"toggle","value":{"enabled":true}},{"id":"DriveByDownload","type":"toggle","value":{"enabled":true}},{"id":"ProcessHollowing","type":"toggle","value":{"enabled":true}},{"id":"JavaScriptViaRundll32","type":"toggle","value":{"enabled":true}},{"id":"WindowsLogonBypassStickyKeys","type":"toggle","value":{"enabled":true}},{"id":"CredentialDumping","type":"toggle","value":{"enabled":true}},{"id":"AutomatedRemediation","type":"toggle","value":{"enabled":true}}],"updated":"2022-11-22"},{"phase":2,"platform_name":"windows","prevention_settings":[{"id":"AdditionalUserModeData","type":"toggle","value":{"enabled":true}},{"id":"AdwarePUP","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"ApplicationExploitationActivity","type":"toggle","value":{"enabled":true}},{"id":"AutomatedRemediation","type":"toggle","value":{"enabled":true}},{"id":"BackupDeletion","type":"toggle","value":{"enabled":true}},{"id":"ChopperWebshell","type":"toggle","value":{"enabled":true}},{"id":"CloudAntiMalware","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"CPUMemoryScan","type":"toggle","value":{"enabled":true}},{"id":"CredentialDumping","type":"toggle","value":{"enabled":true}},{"id":"Cryptowall","type":"toggle","value":{"enabled":true}},{"id":"CustomBlacklisting","type":"toggle","value":{"enabled":true}},{"id":"DetectOnWrite","type":"toggle","value":{"enabled":true}},{"id":"DriveByDownload","type":"toggle","value":{"enabled":true}},{"id":"EndUserNotifications","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"EngineProtectionV2","type":"toggle","value":{"enabled":true}},{"id":"FileEncryption","type":"toggle","value":{"enabled":true}},{"id":"FileSystemAccess","type":"toggle","value":{"enabled":true}},{"id":"FirmwareAnalysisExtraction","type":"toggle","value":{"enabled":false}},{"id":"ForceASLR","type":"toggle","value":{"enabled":false}},{"id":"ForceDEP","type":"toggle","value":{"enabled":false}},{"id":"HardwareEnhancedExploitDetection","type":"toggle","value":{"enabled":true}},{"id":"HeapSprayPreallocation","type":"toggle","value":{"enabled":false}},{"id":"HTTPDetections","type":"toggle","value":{"enabled":true}},{"id":"IntelPrevention","type":"toggle","value":{"enabled":true}},{"id":"InterpreterProtection","type":"toggle","value":{"enabled":true}},{"id":"JavaScriptViaRundll32","type":"toggle","value":{"enabled":true}},{"id":"Locky","type":"toggle","value":{"enabled":true}},{"id":"MaliciousPowershell","type":"toggle","value":{"enabled":true}},{"id":"MemoryScan","type":"toggle","value":{"enabled":true}},{"id":"NextGenAV","type":"toggle","value":{"enabled":true}},{"id":"NextGenAVQuarantineOnRemovableMedia","type":"toggle","value":{"enabled":true}},{"id":"NullPageAllocation","type":"toggle","value":{"enabled":true}},{"id":"OnSensorMLSlider","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"OnSensorMLSliderForCloudEndUserScans","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"OnSensorMLSliderForSensorEndUserScans","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"PreventSuspiciousProcesses","type":"toggle","value":{"enabled":true}},{"id":"ProcessHollowing","type":"toggle","value":{"enabled":true}},{"id":"QuarantineOnWrite","type":"toggle","value":{"enabled":true}},{"id":"RedactHTTPDetectionDetails","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"ScriptBasedExecutionMonitoring","type":"toggle","value":{"enabled":true}},{"id":"SEHOverwriteProtection","type":"toggle","value":{"enabled":true}},{"id":"SensorTamperingProtection","type":"toggle","value":{"enabled":true}},{"id":"SuspiciousKernelDrivers","type":"toggle","value":{"enabled":true}},{"id":"SuspiciousRegistryOperations","type":"toggle","value":{"enabled":true}},{"id":"UnknownDetectionRelatedExecutables","type":"toggle","value":{"enabled":true}},{"id":"UnknownExecutables","type":"toggle","value":{"enabled":true}},{"id":"USBInsertionTriggeredScan","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"VolumeShadowCopyAudit","type":"toggle","value":{"enabled":true}},{"id":"VolumeShadowCopyProtect","type":"toggle","value":{"enabled":true}},{"id":"WindowsLogonBypassStickyKeys","type":"toggle","value":{"enabled":true}}],"updated":"2023-01-04"},{"phase":"3","platform_name":"windows","prevention_settings":[{"id":"EndUserNotifications","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"UnknownDetectionRelatedExecutables","type":"toggle","value":{"enabled":true}},{"id":"UnknownExecutables","type":"toggle","value":{"enabled":true}},{"id":"SensorTamperingProtection","type":"toggle","value":{"enabled":true}},{"id":"AdditionalUserModeData","type":"toggle","value":{"enabled":true}},{"id":"InterpreterProtection","type":"toggle","value":{"enabled":true}},{"id":"EngineProtectionV2","type":"toggle","value":{"enabled":true}},{"id":"ScriptBasedExecutionMonitoring","type":"toggle","value":{"enabled":true}},{"id":"HTTPDetections","type":"toggle","value":{"enabled":true}},{"id":"RedactHTTPDetectionDetails","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"HardwareEnhancedExploitDetection","type":"toggle","value":{"enabled":true}},{"id":"MemoryScan","type":"toggle","value":{"enabled":true}},{"id":"CPUMemoryScan","type":"toggle","value":{"enabled":true}},{"id":"FirmwareAnalysisExtraction","type":"toggle","value":{"enabled":true}},{"id":"CloudAntiMalware","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"AdwarePUP","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"OnSensorMLSlider","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"OnSensorMLSliderForSensorEndUserScans","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"OnSensorMLSliderForCloudEndUserScans","type":"mlslider","value":{"detection":"AGGRESSIVE","prevention":"MODERATE"}},{"id":"USBInsertionTriggeredScan","type":"toggle","value":{"enabled":"customer_preference"}},{"id":"DetectOnWrite","type":"toggle","value":{"enabled":true}},{"id":"QuarantineOnWrite","type":"toggle","value":{"enabled":true}},{"id":"NextGenAV","type":"toggle","value":{"enabled":true}},{"id":"NextGenAVQuarantineOnRemovableMedia","type":"toggle","value":{"enabled":true}},{"id":"CustomBlacklisting","type":"toggle","value":{"enabled":true}},{"id":"PreventSuspiciousProcesses","type":"toggle","value":{"enabled":true}},{"id":"SuspiciousRegistryOperations","type":"toggle","value":{"enabled":true}},{"id":"MaliciousPowershell","type":"toggle","value":{"enabled":true}},{"id":"IntelPrevention","type":"toggle","value":{"enabled":true}},{"id":"SuspiciousKernelDrivers","type":"toggle","value":{"enabled":true}},{"id":"ForceASLR","type":"toggle","value":{"enabled":true}},{"id":"ForceDEP","type":"toggle","value":{"enabled":false}},{"id":"HeapSprayPreallocation","type":"toggle","value":{"enabled":true}},{"id":"NullPageAllocation","type":"toggle","value":{"enabled":true}},{"id":"SEHOverwriteProtection","type":"toggle","value":{"enabled":true}},{"id":"BackupDeletion","type":"toggle","value":{"enabled":true}},{"id":"Cryptowall","type":"toggle","value":{"enabled":true}},{"id":"FileEncryption","type":"toggle","value":{"enabled":true}},{"id":"Locky","type":"toggle","value":{"enabled":true}},{"id":"FileSystemAccess","type":"toggle","value":{"enabled":true}},{"id":"VolumeShadowCopyAudit","type":"toggle","value":{"enabled":true}},{"id":"VolumeShadowCopyProtect","type":"toggle","value":{"enabled":true}},{"id":"ApplicationExploitationActivity","type":"toggle","value":{"enabled":true}},{"id":"ChopperWebshell","type":"toggle","value":{"enabled":true}},{"id":"DriveByDownload","type":"toggle","value":{"enabled":true}},{"id":"ProcessHollowing","type":"toggle","value":{"enabled":true}},{"id":"JavaScriptViaRundll32","type":"toggle","value":{"enabled":true}},{"id":"WindowsLogonBypassStickyKeys","type":"toggle","value":{"enabled":true}},{"id":"CredentialDumping","type":"toggle","value":{"enabled":true}},{"id":"AutomatedRemediation","type":"toggle","value":{"enabled":true}}],"updated":"2022-11-22"}]