Malware Behavior Blocking is a new Behavior Monitoring feature in OSCE that does the following:
- For known threats: Blocks behavior associated with known malware threats
- For known and potential threats: Blocks behavior associated with known threats and takes action on potentially malicious behavior
The difference between the two is that for known and potential threats, the TMBMSRV module further calls the Damage Cleanup Engine (DCE) module to scan or query the Census backend server if it judges that there is a potentially malicious threat.
To enable Malware Behavior Blocking in OSCE:
- Log on to the OSCE management console.
- Go to Agents > Agent Management.
- Click Settings.
- Go to Behavior Monitoring Settings.
- Tick the Enable Malware Behavior Blocking for known and potential threats option and save the changes.
The Malware Behavior Blocking feature should now be enabled.
To confirm that the feature is enabled in an OSCE client, check if the following registry key exists:
- Value:1 = Enable Malware Behavior Blocking for known and potential threats
- Value:0 = Enable Malware Behavior Blocking for known threats
For the detection log type:
- If the process is detected as a threat by the DCE module, it will record in the virus/malware log
- If the process is judged by Census backend server as a threat, it will record in the behavior monitor log