Self-protection

Self-protection prevents unauthorized changes to the software's own processes, registry records, executable and configuration files, and backups located in your local folders.

Administrators can enable Self-protection, without enabling Active Protection.

Default setting: On.

Self-protection is not supported for Linux.

To enable Self-protection

  1. In the Create protection plan window, expand the Antivirus & Antimalware protection module.
  2. Click Self-protection.
  3. Use the Self-protection toggle to enable it.

To enable Agent uninstallation protection

  1. Once the Self-protection feature is enabled, you can select the Agent uninstallation protection checkbox.
  2. Click Done.

Agent uninstallation protection prevents users or software from uninstalling Agent for Windows or modifying its components outside the configured maintenance window.

This option does not prevent automatic updates of the Cyber Protection agent.

Default setting: Enabled

Every attempt to uninstall or modify the protection agent outside the maintenance window triggers an alert. An administrator user can review the alert and decide whether to allow modifucations to the agent for 1 hour or configure a maintenance window with duration between 1 hour and 7 days. See To allow the modification of an agent with uninstallation protection enabled.

Allowing processes to modify backups

The Allow specific processes to modify backups setting is only available when the Self-protection setting is enabled.

It applies to files that have extensions .tibx, .tib, .tia, and are located in local folders.

This setting lets you specify the processes that are allowed to modify the backup files, even though these files are protected by self-protection. This is useful, for example, if you remove backup files or move them to a different location by using a script.

If this setting is disabled, the backup files can be modified only by processes signed by the backup software vendor. This allows the software to apply retention rules and to remove backups when a user requests this from the web interface. Other processes, no matter suspicious or not, cannot modify the backups.

If this setting is enabled, you can allow other processes to modify the backups. Specify the full path to the process executable, starting with the drive letter.

Default setting: Disabled.