Views:

When you upgrade to Deep Security Manager version 20.0.313, there are configuration changes that takes effect automatically inside “default real-time scan configuration”. It will "Turn On" automatically BM (Behavior Monitoring) and PML (Predictive Machine Learning) and the "Action to take" option will be set to "Pass". This configuration will offer the best protection and at the same time reduce the impact it may have on running applications.

This change will only affect BM or PML if the configuration is "Turned Off". This change does not affect customers who have either BM or PML already enabled.

When the scan configuration is enabled for BM or PML and the custom action is set to "Pass". Once this policy is applied, we can expect the following behavior on the agent.

  • Deep Security Agent (Windows) 20.0.0.1559 and above will Turn On Behavior Monitoring. The "Pass" action is fully supported starting with this agent version.
  • Deep Security Agent (Linux) 20.0.0-1822 and above now includes Behavior Monitoring.The "Pass" action is fully supported starting with this agent version.

  • The following agents does not support the "Pass" action. If Pass Action is selected in Realtime Scan Configuration, Behavior Monitoring or Predictive Machine Learning will be disabled on the agent.

    • Deep Security Agent 9.x
    • Deep Security Agent 10, 11, 12
    • Deep Security Agent 20 (Windows) version lower than 20.0.0.1559
    • Deep Security Agent 20 (Linux) version lower than 20.0.0.1822

Since “default real-time scan configuration” is a global setting, changes to this configuration will apply to all Deep Security Agents if customer uses default policies.

Deep Security Manager upgrade will modify the “default real-time scan configuration” setting for BM (Behavior Monitor) and PML (Predictive Machine Learning) to "Enabled" if it is previously disabled. The "Action to take" will be set to "Pass".

General Info

Behavior Monitoring and Predictive Machine Learning with “Pass” action is a new feature that works only with the following Agent versions:

  • Deep Security Agent for Windows 20.0.0-1559
  • Deep Security Agent for Linux 20.0.0-1822

All agent versions lower than what has been mentioned here, the “Pass” action is not supported. Behavior Monitoring and Predictive Machine Learning will be turned off if "Action to take" is configured to "Pass" action.

 
Behavior Monitoring and Predictive Machine Learning may appear enabled on the Web Console. However, if pass action is selected, these 2 features will be disabled as older agents do not support the pass action.
 
Keywords: Behavior Monitoring,dsm 20.0.313,default real-time scan configuration,Action to Take,new option