Use Sensor Tampering Protection

Note

This feature has limited availability currently. Contact your Customer Success manager to access this feature.

Sensor tampering protection provides enhanced protection to the Cybereason processes running on Windows endpoints. With sensor tampering protection, Cybereason protects its processes, files, services, and registries against unauthorized or malicious modifications or kill attempts. For example, sensor tampering protection prevents unauthorized access to the processes related to the sensor.

In addition, sensor tampering protection protects the sensor from unintentional end user actions that might compromise security. For example, an end user might kill a resource-intensive sensor process that is responsible for a number of protection capabilities, instead of contacting Technical Support to resolve the issue. This exposes the endpoint machine to potential attacks.

Note

The Infrastructure settings screen is disabled by default. To take part in the beta phase of this feature contact your Customer Success Manager.

In this topic:

Enable sensor tampering protection
Additional sensor security and password protection
AM-PPL Support (Windows)

Enable sensor tampering protection

Contact your Customer Success Manager to enable and view the Infrastructure settings screen in your sensor policy.
In the Infrastructure settings screen in a sensor policy, switch the Sensor tampering protection toggle to On.
Click Save & Publish. Sensor tampering protection is enabled.

Additional sensor security and password protection

The Cybereason platform secures itself using the following methods:

All communication between the sensor and the Registration and Detection servers occurs over TLS.
Data in transit is transmitted over TLS, based on two-way authentication between server and client and based on certificate verification that employs a 2048-bit RSA key set, and SHA256 hashing algorithm.
Only machine administrators can install or uninstall sensors on endpoints across your organization.
Optionally, you can consult with Customer Success to configure sensors to require an uninstall password, which protects the sensor against accidental uninstallation.

AM-PPL Support (Windows)

From version 23.2.4x the sensor supports using Windows AM-PPL. This service provides self-protection for the Cybereason sensor. For example, it protects Cybereason processes against malicious actions such as terminating the application. Contact Support to enable this feature.