Dynamic Application Containment page

Protect your system by limiting the actions that contained applications can perform based on configured rules.

The Dynamic Application Containment settings of Adaptive Threat Protection apply to Windows systems only.

Table 1: Option definitions
Section Option Description
Containment Rules Configures Dynamic Application Containment rules.

You can change whether McAfee-defined containment rules block or report, but you can't otherwise change or delete these rules.

  • Block (only) — Blocks, without logging, contained applications from performing actions specified by the rule.
  • Report (only) — Logs when applications try to perform actions in the rule, but doesn't prevent applications from performing actions.
  • Block and Report — Blocks and logs access attempts.
  • Block All — Selects or deselects Block for all rules.
  • Report All — Selects or deselects Report for all rules.
Tip: Best practice: When the full impact of a rule is not known, select Report but not Block to receive a warning without blocking access attempts. To determine whether to block access, monitor the logs and reports.

To disable the rule, deselect both Block and Report.

Table 2: Advanced options
Section Option Description
Exclusions Excludes processes from containment.
  • Add — Adds a process to the exclusion list.
  • DeleteDeletes the selected item.
  • Actions
    • EditChanges the selected item.
    • DuplicateCreates a copy of the selected item.