On-write Protection is disabled by default


L2 Linker

Hi everyone, 

Just wondering how performance or resources are impacted when this protection is on. I bet it would have a certain impact, as this is "Disabled" by default. Or are there any other concerns if it is ON?

Any experience to share?

Thanks

Life is full of surprise,
Just embrace it!
5 REPLIES

L4 Transporter

Hi @SeanDeHarris, thanks for reaching out to us using the Live Community.

The on-write protection should not generate too much impact on the endpoints, because this module only starts a scan when the written file is an executable or a script. The scan workflow is the same as when a file is executed: first it will ask WildFire about the reputation, and if the reputation is good, no other scan will be executed.

If you want to test it first, I recommend that you create a new malware profile, enable this feature, and assign it to a group of endpoints to monitor the performance behavior.

If this post answers your question, please mark it as the solution.

JM

Hi @jmazzeo

When one reads the name of the module, what normally comes to mind is every kind of file-writing event, not only executables or scripts. I couldn't find the exact info about it in the docs. Do you have a link to the source of this info, where perhaps I can get more on other modules as well?

Thanks in advance.

This is a screenshot that we can share from our internal docs about the On-Write file protection file types and some other useful information:

[Screenshot: jmazzeo_1-1713898172671.png]

If this post answers your question, please mark it as the solution.

JM

Thanks @jmazzeo, this is helpful. 👍

As far as I can see, even as admin I only have the option to turn it on or off, Enabled/Disabled, in the Malware Prevention Profile from the Console. So, there is no option to use this protection type in monitoring-only mode (no "Report" only option); if enabled, it will detect and prevent in any case. Is that correct?

That toggle is to enable the ability to send the written files to analysis. The actions are taken by the usual modules, as mentioned in the last bullet on the screenshot.

JM