Agent Extension Policies

Abstract

Configure Agent Extension Profile permissions.

Manage profiles for additional endpoint capabilities, such as configuring third-party integrations, managing agent extension modules, and defining extension deployment policies. For more information, see Harden endpoint security.

Note

Agent Extension Policies enable access to configure extension policies, profiles, and exceptions. Device Control rules perform device control actions within the extension policies.

Permissions

Description

Roles Example

None

Cannot view the Agent Extensions menu (InventoryEndpointsPolicy ManagementExtensions, which includes Policy Rules, Profiles, Device Permanent Extensions, and Device Temporary Extensions.

SOC Tier-1 Analyst: Extension policies are typically not needed for basic triage. Although it may provide context for understanding additional agent capabilities

View

View the Agent Extensions menu and read-only access for the Policy Rules, Profiles, Device Permanent Extensions, and Device Temporary Extensions.

  • SOC Tier-2 Analyst: Understanding extension policies helps explain additional agent capabilities during investigations. Extensions like Device Control or Host Firewall affect endpoint behavior.

  • SOC Tier-3 Analyst: Full visibility needed for advanced analysis of agent extensions and their impact on endpoint protection and telemetry.

  • Threat Hunter: Extension visibility helps understand the full agent capability set for hunting. Hunters need to know what protections are active.

View/Edit

All view capabilities, plus managing Policy Rules, Profiles, Device Permanent Extensions, and Device Temporary Extensions.

Security Engineer: Responsible for extension configuration and deployment. Manages which extensions are enabled for different endpoint groups.