Linux sensor supported prevention capabilities are indicated by the Linux icon on the Enforce > Policies > Prevention tab. If a policy includes selections that are not available for Linux, those selections apply to the Windows or macOS endpoints that are assigned to the policy.

The Linux sensor does not abide by Bypass or Permissions rules.

In the Blocking and Isolation rules category, only the Runs or is running operation attempt is actionable on Linux endpoints for these rules.

Known malware

When selected for the policy, the Linux sensor applies either a Deny operation or Terminate process policy action when a process runs or is running with the reputation of KNOWN_MALWARE.

Application on the company banned list

When selected for the policy, the Linux sensor applies either a Deny operation or Terminate process policy action when a process runs or is running with the reputation of COMPANY BLACKLIST.

You can manually add hashes to the company banned list on the Reputation page, or throughout the console where the option is provided.