Scanning and blocking mode

Use this setting to select the mode DriveLock uses to scan applications on the Linux agent and/or to initiate appropriate actions.

Please do the following:

Select Set to fixed value, and then select one of the following options from the list:

• Audit only: events are generated only; you can analyze them later

• Whitelist: applications may only be executed if a corresponding whitelist rule exists. All other applications will be blocked.

• Blacklist: applications are blocked only if there is a corresponding blacklist rule. All other applications are allowed.

• including DLLs: this addition also checks the shared libraries

• (simulate): this addition means that the effects of your rules are tested in advance and corresponding events are generated.