Organize your assets with prevention groups

Endpoint Prevention availability

Endpoint Prevention is available to Managed Detection and Response and Managed Threat Complete customers who also have the Next-Generation Antivirus or Ransomware Prevention add-ons.

Prevention groups with Next-Generation Antivirus

The first configuration step for your Next-Generation Antivirus add-on is determining how your assets with an Insight Agent installed should be grouped. This article explains how prevention groups work and how to create them.

Prevention group rules and characteristics

The Next-Generation Antivirus add-on requires that all eligible Insight Agents are associated with a prevention group. These groups are the object to which you attach and configure a prevention policy. For an initial deployment, all your eligible agents are automatically placed in a default prevention group. This group uses the immutable default prevention policy configured by Rapid7 to provide a baseline level of protection when your Endpoint Prevention program is in Active Prevention mode.

Assets can only belong to one Prevention Group

You can create your own custom prevention groups to configure your Next-Generation Antivirus add-on, but note that each group has exclusive control of the agents within it. An agent can only be in one prevention group at a time, and associating an agent with a new prevention group means removing it from its existing group.

Prevention Groups can be empty

Prevention groups do not require agents for the group to be created. This scenario is especially useful when your Next-Generation Antivirus add-on is already running in Active Prevention mode. Creating an empty prevention group first allows you to prepare a new prevention policy in isolation without affecting your assets and the rest of your Next-Generation Antivirus configuration. You can return to the prevention group at a later time and assign agents to it when you're ready.

Prevention Groups must be empty to be deleted

Prevention groups are considered in use as long as the group has at least one agent associated with it. Prevention groups with any agents in them are not eligible for deletion. If you decide you no longer require the prevention group, you must move all assets to another custom prevention group or the DEFAULT group before Next-Generation Antivirus allows you to delete the group.

Create a prevention group

  1. Click Endpoint Prevention in Agent Management. The Prevention Groups subtab will already be selected.
  2. Click Create Prevention Group. A window will prompt you to name and describe your group.
  3. At this point, you can move on to configure group membership, a prevention policy, and exclusions, or you can elect to finish creating the group and leave configuration for later:

Prevention groups with Ransomware Prevention

The first configuration step for your Ransomware Prevention add-on is determining how your assets with an Insight Agent installed should be grouped.

Prevention group rules and characteristics

The Ransomware Prevention add-on requires that all eligible Insight Agents are associated with a prevention group. These groups are the object to which you attach and configure a prevention policy. For an initial deployment, all your eligible agents are automatically placed in a default prevention group. This group uses the immutable default prevention policy configured by Rapid7 to provide a baseline level of protection when your Endpoint Prevention program is in Active Prevention mode.

Assets can only belong to one Prevention Group

You can create your own custom prevention groups to configure your Ransomware Prevention add-on, but note that each group has exclusive control of the assets within it. An asset can only be in one prevention group at a time, and associating an asset with a new prevention group means removing it from its existing group.

Prevention Groups can be empty

Prevention groups do not require assets for the group to be created. This scenario is especially useful when your Ransomware Prevention add-on is already running in Active Prevention mode. Creating an empty prevention group first allows you to prepare a new prevention policy in isolation without affecting your assets and the rest of your Ransomware Prevention configuration. You can return to the prevention group at a later time and assign agents to it when you're ready.

Prevention Groups must be empty to be deleted

Prevention groups are considered in use as long as the group has at least one asset associated with it. Prevention groups with any assets in them are not eligible for deletion. If you decide you no longer require the prevention group, you must move all assets to another custom prevention group or the DEFAULT group before Ransomware Prevention will allow you to delete the group.

Create a prevention group

  1. Click Endpoint Prevention in Agent Management. The Prevention Groups subtab will already be selected.
  2. Click Create Prevention Group. A window will prompt you to name and describe your group.
  3. At this point, you can move on to configure group membership, a prevention policy, and exclusions, or you can elect to finish creating the group and leave configuration for later: