Anti-Malware Rules

Prevent Phishing-Based Malware Attacks

Stop malware from phishing emails—the most common attack vector—before it compromises client systems and data.

  • Block unauthorized installations and malicious payloads triggered by phishing attacks.
  • Monitor and log all attempts to execute untrusted software for detailed analysis.
  • Send instant alerts to your RMM system for rapid remediation and improved response times.

This rule strengthens your managed services by addressing the top cyber threat head-on, ensuring clients’ trust in your proactive security approach.

Prevent Malware, Zero-Day Attacks, and Other Installs 

Strengthen endpoint security by blocking unauthorized installations and malware attempts, including stealthy zero-day threats.

  • Block unauthorized executable files from being written to the disk.
  • Prevent automatic updates or unapproved software installs from bypassing controls.
  • Alert your RMM system about all blocked activities for proactive response.

This rule lets you deliver powerful endpoint protection to your clients while emphasizing your commitment to minimizing risk and downtime.

Prevent Switchblade Attacks

Enhance endpoint defense by stopping malicious USB-based attacks before they compromise systems or steal sensitive data.

  • Detect and block Switchblade-style USB exploits attempting unauthorized activity.
  • Log every attempt to execute payloads via USB for review and compliance.
  • Automatically notify your RMM system, ensuring swift action on any suspicious activity.

This rule showcases your proactive security measures to protect client systems from physical attack vectors, elevating trust and reliability in your managed services.

Prevent Access to FilterManager

Block unauthorized access to FilterManager to safeguard critical system components from malicious tampering.

  • Restrict attempts to interact with or modify the Windows Filter Manager, an essential component for filtering and handling file system I/O.
  • Record and log all access attempts to provide a comprehensive audit trail.
  • Alert your RMM system when an access attempt is detected for immediate action.

This rule helps MSPs maintain a secure environment by preventing attacks targeting system-level components, ensuring a robust defense against hidden and sophisticated threats.
