Xcitium Enterprise

• Introduction To Xcitium Client Security
  • Special Features
  • System Requirements
  • Install Xcitium Client Security
  • Start Xcitium Client Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understand Security Alerts
  • Password Protection
• General Tasks - Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Create, Schedule And Run A Custom Scan Profile
    • Automatically Scan Unrecognized And Quarantined Files
  • Instantly Scan Files And Folders
  • Process Infected Files
  • Manage Virus Database Updates
  • Manage Blocked Autoruns
  • Manage Quarantined Items
• Firewall Tasks - Introduction
  • Configure Internet Access Rights For Applications
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • View Active Internet Connections
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
  • Identify And Kill Unsafe Running Processes
  • Open Shared Space
  • The Virtual Desktop
    • Start The Virtual Desktop
    • The Main Interface
    • Run Browsers Inside The Virtual Desktop
    • Open Files And Run Applications Inside The Virtual Desktop
    • Pause And Resume The Virtual Desktop
    • Close The Virtual Desktop
• DLP Tasks - Introduction
  • Run Data Loss Prevention Scans
  • Manage DLP Quarantined Files
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Download And Burn Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Manage XCS Tasks
  • View XCS Logs
    • Antivirus Logs
    • VirusScope Logs
    • Firewall Logs
    • HIPS Logs
    • Containment Logs
    • Website Filtering Logs
    • Device Control Logs
    • Autorun Event Logs
    • Alerts Logs
    • XCS Tasks Logs
    • File List Changes Logs
    • Vendor List Changes Logs
    • Configuration Changes Logs
    • Virtual Desktop Event Logs
    • Data Loss Prevention Event Logs
    • Search And Filter Logs
  • Submit Files For Analysis To Xcitium
  • View Active Process List
• XCS Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Virus Database Updates
    • Log Settings
    • Manage XCS Configurations
      • Xcitium Preset Configurations
      • Personal Configurations
    • Manage Performance
  • Antivirus Configuration
    • Real-time Scanner Settings
    • Scan Profiles
  • Firewall Configuration
    • General Firewall Settings
    • Application Rules
    • Global Rules
    • Firewall Rule Sets
    • Network Zones
      • Network Zones
      • Blocked Zones
    • Port Sets
  • HIPS Configuration
    • HIPS Settings
    • Active HIPS Rules
    • HIPS Rule Sets
    • HIPS Groups
      • Registry Groups
      • COM Groups
  • Protected Objects
    • Protected Objects - HIPS
      • Protected Files
      • Blocked Files
      • Protected Registry Keys
      • Protected COM Interfaces
    • Protected Objects - Containment
      • Protected Files And Folders
      • Protected Keys
  • Data Loss Prevention
    • DLP Monitoring Rules
    • DLP Discovery Rules
    • DLP Keyword Groups
  • Containment Settings
    • Containment Settings
    • Auto-Containment Rules
    • Virtual Desktop Settings
    • Containment - An Overview
    • Unknown Files - The Scanning Processes
  • File Rating Configuration
    • File Rating Settings
    • File Groups
    • Submitted Files
  • Advanced Protection
    • VirusScope Settings
    • Scan Exclusions
    • Device Control Settings
    • Script Analysis Settings
    • Miscellaneous Settings
  • Web Filter Settings
    • Website Filtering Rules
    • Website Categories
• Appendix 1 - XCS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment And VirusScope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Block / Allow Specific Websites To Specific Users
  • Set Up HIPS For Maximum Security And Usability
  • Create Rules To Auto-Contain Applications
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scan Schedule
  • Run Untrusted Programs Inside The Container
  • Run Browsers Inside The Container
  • Restore Incorrectly Quarantined Items
  • Submit Quarantined Items To Xcitium Verdict Cloud For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Containment On A Per-application Basis
  • Switch Off Automatic Antivirus Updates
  • Suppress XCS Alerts Temporarily
  • Control External Device Accessibility
• Appendix 2 - Xcitium Secure DNS Service
  • Router - Manually Enable Or Disable Xcitium Secure DNS
  • Windows - Enable Xcitium Secure DNS
• About Xcitium

Miscellaneous Settings

• Click 'Assets' > 'Configuration Templates' > 'Profiles'
  

• Open the Windows profile you want to work on
  

• Click the 'Miscellaneous' tab then 'Edit', if it has already been added to the profile
  

OR

• Click 'Add Profile Section' > 'Miscellaneous' if it hasn't yet been added
  

The 'Miscellaneous' settings screen opens:

• Detect shellcode injections:
  

• A shellcode injection is an attack which exploits software vulnerabilities to give attackers control of a compromised machine.
  

• For example, shellcode attacks are often used to create buffer-overflows on victim machines. Enable this setting to turn-on buffer overflow protection.
  

• By default, Xcitium Client Security (XCS) monitors all applications to make sure they do not suffer shellcode attacks.
  

• However, you may want to omit certain applications from protection for compatibility reasons. Click the 'Exclusions' link to do this.
  

• The process to add exclusions is similar to that explained in Containment Settings.
  

Background: A buffer overflow is an anomalous condition where a process/executable attempts to store data beyond the boundaries of a fixed-length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data, and may cause a process to crash or produce incorrect results. As such, buffer overflows cause many software vulnerabilities and are the basis of many exploits.

• Apply the selected action to...' - XCS will monitor registry entries related to Windows services, auto-run items and scheduled tasks. If any entries are created or modified by unrecognized files/scripts, they will handled per the action chosen. (Default = Enabled)

Xcitium recommends this setting is left enabled (Default = Enabled).

• Apply the selected signature level while.... - XCS identifies untrusted DLLs, apps, portable executables (PE) and autoruns launched before XCS starts on the endpoint. These may expose the endpoint to a danger if those items turn to be malicious. (Default = Disabled)

• XCS checks whether startup items are signed by a trusted authority and marks them as trusted or untrusted. The flag is used at next restart to allow or block the item.
  

• You can choose how strict the certificate check should be:

• Windows- Only items signed by Microsoft certificates are marked as trusted
  

• Antimalware - Trusts files signed by either Microsoft or Antimalware certificates

• Authenticode - Flags all signed files as trusted
  
  

• Monitor DLL files being loaded by running processes - XCS monitors the DLL files loaded to system memory, by processes that are currently running on the endpoint (Default = Disabled).

• If enabled, XCS runs a file rating scan on each DLL loaded to identify its trust rating.
  

• The trust rating is reported to Xcitium. Files with an Unrecognized' rating are submitted to Valkyrie for analysis

• You can view these details at 'Security' > 'Endpoint Security' > 'Application Control'. See Manage File Trust Ratings on Windows Devices for more details. 
  
  
• Self-Protection Options: Allows to protection for Xcitium Client - Security agent's own processes and assets. (Default = Enabled).
  
  
• Protect Xcitium files - Access to blocking protected folders (XCS folders), driver/guard dll files. 

• Protect Xcitium Registry key – Allows you to protect system critical registry keys against modification.  

• Protect Xcitium processes - Access blocking to processes (XCS processes) with write/terminate permissions and on win10and block loading unsigned DLLs into processes (XCS processes).

•  Audit Only - The audit mode sends a notification about access to protected folders (xcs folders), drivers/guard dll files, notification about access to services in the registry, (XCS processes) with write/terminate permissions and loading unsigned DLLs into processes (XCS processes). 
  
  
• Click 'OK' to save your settings.