Agent Prevention Policies

Abstract

Configure Agent Prevention Policies permissions.

Agent Prevention Policies define the security posture for endpoints.

For more information, see Manage endpoint prevention profiles.

Permissions

Description

Roles Example

None

Cannot view the Policy Rules page (InventoryEndpointsPolicy ManagementPreventionPolicy Rules), which includes endpoint details, or view policy effectiveness.

View

View the Prevention Policies menu, including viewing the policies list, details, protection settings, and viewing assigned groups.

  • SOC Tier-1 Analyst: Understanding policies helps explain why actions were blocked or allowed.

  • SOC Tier-2 Analyst: Policy visibility is essential for understanding protection posture

  • Threat Hunter: Understanding prevention policies helps identify detection gaps.

View/Edit

All view capabilities plus creating, editing, deleting, and copying policies, assigning, and setting policy priority.

  • SOC Tier 3 Analyst: May provide input on policy improvements, but changes should go through change management.

  • Security Engineer: Primary responsibility for policy development and implementation.