Dynamic Application Containment page Protect your system by limiting the actions that contained applications can perform based on configured rules. The Dynamic Application Containment settings of Adaptive Threat Protection apply to Windows systems only. Table 1: Option definitions Section Option Description Containment Rules Configures Dynamic Application Containment rules. You can change whether McAfee-defined containment rules block or report, but you can't otherwise change or delete these rules. Block (only) — Blocks, without logging, contained applications from performing actions specified by the rule. Report (only) — Logs when applications try to perform actions in the rule, but doesn't prevent applications from performing actions. Block and Report — Blocks and logs access attempts. Block All — Selects or deselects Block for all rules. Report All — Selects or deselects Report for all rules. Tip: Best practice: When the full impact of a rule is not known, select Report but not Block to receive a warning without blocking access attempts. To determine whether to block access, monitor the logs and reports. To disable the rule, deselect both Block and Report. Table 2: Advanced options Section Option Description Exclusions Excludes processes from containment. Add — Adds a process to the exclusion list. Delete — Deletes the selected item. Actions — Edit — Changes the selected item. Duplicate — Creates a copy of the selected item. Exclusion page Add or edit an executable to exclude from Dynamic Application Containment. Related referenceExclusion page
Dynamic Application Containment page Protect your system by limiting the actions that contained applications can perform based on configured rules. The Dynamic Application Containment settings of Adaptive Threat Protection apply to Windows systems only. Table 1: Option definitions Section Option Description Containment Rules Configures Dynamic Application Containment rules. You can change whether McAfee-defined containment rules block or report, but you can't otherwise change or delete these rules. Block (only) — Blocks, without logging, contained applications from performing actions specified by the rule. Report (only) — Logs when applications try to perform actions in the rule, but doesn't prevent applications from performing actions. Block and Report — Blocks and logs access attempts. Block All — Selects or deselects Block for all rules. Report All — Selects or deselects Report for all rules. Tip: Best practice: When the full impact of a rule is not known, select Report but not Block to receive a warning without blocking access attempts. To determine whether to block access, monitor the logs and reports. To disable the rule, deselect both Block and Report. Table 2: Advanced options Section Option Description Exclusions Excludes processes from containment. Add — Adds a process to the exclusion list. Delete — Deletes the selected item. Actions — Edit — Changes the selected item. Duplicate — Creates a copy of the selected item. Exclusion page Add or edit an executable to exclude from Dynamic Application Containment. Related referenceExclusion page
