Forum Discussion

EricF
Comet
2 months ago

Device Posture-Real Time Protection

I noticed a couple of items in the Device Posture>Device Checks>Anti-Malware section today that I was wanting to bring up.

1. Real Time Protection Enablement

Realtime protection is not able to be selected when you have "Any" selected as the Vendor (grayed out in the screenshot shown below):

However, if you end up defining a Vendor and Product, and then revert your Vendor selection back to "Any," Real Time Protection can be enabled (see screenshot below once reverting Vendor back to "Any"):

Question

Does this mean that Real Time Protection cannot be assessed if you have the "Any" vendor selection, and I just happened to find a bug that allows me to check, OR am I supposed to be able to select Real Time Protection when the Vendor selection is set to "Any"?

2. Real Time Protection Definition

When reviewing CATO documentation on Device Checks using the following URL: Creating Device Posture Profiles and Device Checks – Cato Learning Center

The following is listed:

This reads like it is mentioning the frequency that the Client is checking the device for Anti-Malware criteria checks and not that the installed Anti-Malware solution has Real Time Protection enabled. Can I get confirmation that by enabling Real Time Protection in the Anti-Malware device check, this is actually verifying that the installed solution has Real Time Protection configured?

2 Replies

  • Hi EricF, 

    Is there a list of Anti-Malware that you are using at the moment?
    You may like to gradually add the vendors in the list, as some Anti-Malware (legacy/certain version) may not support real-time Protection.

    Cheers

    • EricF
      Comet

      michaelsaw 

      Thank you for the comment, however my issue isn't that I don't see a specific anti-malware vendor listed, the issue that I am highlighting is that I want to have a requirement that you must have an AV solution and MUST have realtime protection available and enabled.

      At the moment if you select any Vendor, it won't let you select "Realtime Protection", and yet if you select a specific vendor and enable Realtime Protection and then change the vendor back to "Any", Realtime Protection is able to be selected. I am just not sure if this means it is now capable of looking for Realtime Protection for any AV solution or if this was unintended and is a bug.