After the security scope is in the Protected Mode, you can still review and edit services associated with the scope.

There are four vectors that are used to alert and remediate. By default, the only action for the Remediation rules is set to Alert and the enforcement is automatic. You can edit the rule settings. You can edit the settings based on the action that you want AppDefense to take.

  • Enforce Process Monitoring: How do you want AppDefense to monitor process execution?
  • Enforce Outbound Connections: If AppDefense sees a new outbound connection from an allowed process, what do you want it to do?
  • Enforce Inbound Connections: If AppDefense sees a new inbound connection from an allowed process, what do you want it to do?
  • Enforce Guest OS Integrity: Windows-only. If AppDefense detects that the integrity of your operating system (OS) has been compromised, what do you like it to do?
  • Enforce AppDefense Module Integrity: Windows-only. If AppDefense detects the integrity, the AppDefense Module has been compromised (potentially turned off), what do you like it to do?

You cannot set automatic remediation action for the Guest module down alert. Remediation for this action can only be taken manually.