- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-15-2024 09:39 PM
Hi everyone,
Just wondering how's the performance or resource is impacted when this protection is on, i bet it would have certain impact as this is "Disabled" by default. or any other concerns if ON?
Any experience to share?
thanks
04-17-2024 08:35 AM
Hi @SeanDeHarris, thanks for reaching us using the Live Community.
The on-write protection should not generate too much impact on the endpoints, because this module only starts a scan when the written file is an executable or a script. The scan workflow is the same when a file is executed, first it will ask to Wildfire about the reputation, and if the reputation is good, no other scan will be executed.
If you want to test if first, I'll recommend you to create a new malware profile, enable this feature, and assign it to a group of endpoints to monitor the performance behavior.
If this post answers your question, please mark it as the solution.
04-22-2024 06:50 AM - edited 04-22-2024 06:51 AM
Hi @jmazzeo
When one reads the name of the module, normally comes to mind every kind of file writing events, not only the executables or scripts. Couldn't find the exact info about it in the docus. Do you have a link to the source of this info, where perhaps I can get more also on other modules?
Thanks in advence.
04-23-2024 11:50 AM
This is a screenshot that we can share from our internal docs about the On-Write file protection file types and some other useful information:
If this post answers your question, please mark it as the solution.
04-23-2024 10:36 PM - edited 04-23-2024 10:56 PM
Thanks @jmazzeo , this is helpful.👍
As far as I see, even as admin I have only the option to turn it on or off, Enabled/Disabled, in Malware Prevention Profile from the Console. So, no option to use this protection type in monitoring only mode (no "Report" only option), if enabled it will detect and prevent in any case. Is that correct?
04-24-2024 05:42 AM
That toggle is to enable the ability to send the written files to analysis. The actions are made by the usual modules as is mentioned in the last bullet on the screenshot.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!