If the Restrictions profile for Windows is default, then it doesn't directly affect Windows endpoints. We must edit and apply it to get protection on endpoints. But on Linux it is not the same. Even if the Restrictions profile is default, XDR can generate alerts based on global BIOCs. I want to know why there is such a difference?
Not sure I completely got your question, so tell me if the following helps with understanding the flow:
The Restrictions profile allows you to apply custom-made BIOCs that, upon detection, will be prevented by the agent. In case you are using the default profiles, no prevention will take place, but the detection will happen if the BIOC rule is configured in your BIOC repository (preconfigured or custom-made BIOCs).
BIOCs will trigger detection alerts regarding the fact that no prevention rule is configured in the restriction profile; those are 2 different capabilities that can be linked in order to enhance the prevention capabilities.
Does that answer your question?