Containment (Beta)
Xcitium Client Security can run all unknown files in a security hardened environment known as the 'container'.
Enable Containment - Allows you to enable or disable containment of unrecognized/unknown files. If enabled, unknown applications are run inside the container as per the rules defined. (Default = Disabled)
Currently, the Containment feature is in BETA stage, more features will be available from upcoming release.
- Applications that have invalid signatures are blocked.
- Applications that have malicious file ratings are blocked.
- All AppStore 3rd-party applications that are signed by Apple/AppStore will be run without any restriction.
- Applications that have trusted file ratings are run without any restrictions.
- Applications that have unrecognized file ratings are run virtually.
Restriction levels include:
- Run Virtually. The file is completely isolated from your operating system and files on your computer
- Run Restricted. The file is contained but has limited access to operating system resources
- Block. The file is completely prevented from running
- Ignore. The file is run outside the container without restrictions
To Open Containment
Each rule has the following attributes
- Open Xcitium Client Security
- Click the 'More' tab > 'Containment (Beta)'
Each rule has the following attributes
- Action – Displays the operation that the container should perform on the target file if the rule is triggered.
- Target – The file types, groups or locations on which the rule will be executed.
- Reputation – The trust status of the files to which the rule should apply. Can be ‘Malware’, ‘Trusted’ or ‘Unrecognized’.
- Signature – Signature of the File or Application.