diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index a7113435ef..9bcdffa5b9 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc +++ b/docs/getting-started/configure-integration-policy.asciidoc @@ -59,7 +59,7 @@ to create a new trusted application, go to **Manage** -> **Trusted applications* that looks for static attributes to determine if a file is malicious or benign. By default, malware protection is enabled on Windows, macOS, and Linux hosts. -To disable malware protection, switch the **Malware protections enabled** toggle off. +To disable malware protection, turn off the **Malware protections** toggle. Malware protection levels are: 
@@ -67,14 +67,16 @@ Malware protection levels are: You must pay attention to and analyze any malware alerts that are generated. * **Prevent** (Default): Detects malware on the host, blocks it from executing, and generates an alert. +These additional options are available for malware protection: + +* **Blocklist**: Enable or disable the <> for all hosts associated with this {elastic-defend} policy. The blocklist allows you to prevent specified applications from running on hosts, extending the list of processes that {elastic-defend} considers malicious. + +* **Scan files upon modification**: By default, {elastic-defend} scans files every time they're modified, which can be resource-intensive on hosts where files are frequently modified, such as servers and developer machines. Turn off this option to only scan files when they're executed. {elastic-defend} will continue to identify malware as it attempts to run, providing a robust level of protection while improving endpoint performance. + Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the *Prevent* option. TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} {filename}` syntax. -Malware protection also allows you to manage a blocklist to prevent specified applications from running on hosts, -extending the list of processes that {elastic-defend} considers malicious. Use the **Blocklist enabled** toggle -to enable or disable this feature for all hosts associated with the integration policy. To configure the blocklist, refer to <>. - [role="screenshot"] image::images/install-endpoint/malware-protection.png[Detail of malware protection section.] 
diff --git a/docs/getting-started/images/install-endpoint/malware-protection.png b/docs/getting-started/images/install-endpoint/malware-protection.png index 44a95fbd6c..21f824edec 100644 Binary files a/docs/getting-started/images/install-endpoint/malware-protection.png and b/docs/getting-started/images/install-endpoint/malware-protection.png differ
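Review bot: In the first hunk (@@ -59,7 +59,7), the reworded sentence says how to turn off the **Malware protections** toggle but not what that does to the options this patch documents directly beneath it. Suggest adding one sentence stating whether **Blocklist** and **Scan files upon modification** remain in effect when the toggle is off. The new label should also be checked against the replaced malware-protection.png, since the image change is binary and cannot be verified from the diff.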
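Review bot: In the second hunk (@@ -67,14 +67,16), the **Scan files upon modification** bullet describes turning the option off as "providing a robust level of protection" without stating the trade-off. By the bullet's own wording ("only scan files when they're executed"), a file written or modified on a host but never run there would not be scanned and so would raise no alert on that host. Suggest saying this explicitly so that operators of the servers and developer machines the bullet names can make the choice knowingly. Two smaller points in the same hunk: the **Blocklist** bullet gives no default while the scan bullet does ("By default"), and the unchanged **Notify user** sentence refers to the *Prevent* level but now sits after the options list, so the new paragraph may read better placed below it.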