How to change the activation mode

Endpoint Prevention availability

Endpoint Prevention is available to Managed Detection and Response and Managed Threat Complete customers who also have the Next-Generation Antivirus or Ransomware Prevention add-ons.

Activation modes for Next-Generation Antivirus

Your Next-Generation Antivirus add-on can operate in one of two possible activation modes: Monitor Only and Active Prevention. Like all settings in Agent Management, you configure this activation mode on a per-organization basis:

  • Monitor Only - Your Insight Agents will not take any of the actions dictated by your prevention policies when threats are detected, but monitoring will continue nonetheless. When threats are detected, these events will be logged and alerts will still be generated.
    • This is the default mode for Next-Generation Antivirus and allows you to complete all necessary configuration tasks before you're ready to switch to Active Prevention.
    • If you need to troubleshoot your Next-Generation Antivirus add-on configuration, you can switch back to Monitor Only for this purpose.
  • Active Prevention - Your Insight Agents will actively respond to detected threats with the actions dictated by your prevention policies. As such, events will be logged and sent to InsightIDR for analysis and further action, if necessary.

How to switch between activation modes

You can switch between Monitor Only and Active Prevention at any time in the Endpoint Prevention tab:

  1. In your Agent Management experience, click Endpoint Prevention.
  2. Click Activation Mode.
  3. Change your activation mode selection as necessary.
    • If you've finished configuring your Next-Generation Antivirus add-on and you're ready to enable Active Prevention for the first time, do so now.
    • If you need to troubleshoot your Next-Generation Antivirus add-on, switch to Monitor Only for the duration to avoid any disruption in your environment.
  4. Click Save Changes to finish.

Activation modes for Ransomware Prevention

Your Ransomware Prevention add-on can operate in one of two possible activation modes: Monitor Only and Active Prevention. Like all settings in Agent Management, you configure this activation mode on a per-organization basis:

  • Monitor Only - Your Insight Agents will not take any of the actions dictated by your prevention policies when threats are detected, but monitoring will continue nonetheless. When threats are detected, these events will be logged and alerts will still be generated.
    • This is the default mode for Ransomware Prevention and allows you to complete all necessary configuration tasks before you're ready to switch to Active Prevention.
    • If you need to troubleshoot your Ransomware Prevention add-on configuration, you can switch back to Monitor Only for this purpose.
  • Active Prevention - Your Insight Agents will actively respond to detected threats with the actions dictated by your prevention policies. All such, events will be logged and sent to InsightIDR for analysis and further action, if necessary.

How to switch between activation modes

You can switch between Monitor Only and Active Prevention at any time in the Endpoint Prevention tab:

  1. In your Agent Management experience, click Endpoint Prevention.
  2. Click Activation Mode.
  3. Change your activation mode selection as necessary.
    • If you've finished configuring your Ransomware Prevention add-on and you're ready to enable Active Prevention for the first time, do so now.
    • If you need to troubleshoot your Ransomware Prevention add-on, switch to Monitor Only for the duration to avoid any disruption in your environment.
  4. Click Save Changes to finish.