Configuring a Custom Threat Prevention Strategy

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

The custom threat prevention strategy allows you to configure the behavior of each of the available threat prevention engines.

Requirements

A new or existing macOS Security plan with the custom threat prevention strategy applied.

  1. In the macOS security portal, navigate to Plans. To create a new plan, click Create Plan; or select an existing plan and click Edit.
  2. Locate the Threat Prevention section of the plan page.
  3. Select the Custom strategy.
  4. Click Edit custom engines to configure your custom strategy.
  5. Next to the engine name, select Edit custom engine.
  6. Configure the engine behaviors as needed.

    The following options apply to the threat prevention engines and the legacy configuration options. You can select the engine setting that meets your specific needs.

    • Block and report

      Blocks and quarantines any process that matches the threat database.

    • Report only

      Disable process blocking and file quarantine, but report database matches as an alert.

    • Disabled

      Disable all process blocking, file quarantines, and reporting in response to a threat database match.

  7. After you have completed configuring the custom engine, click Close.
  8. You can continue to edit the remaining plan fields. Save the plan when your edits are complete.
    Important:

    An additional configuration profile needs to be installed on target computers running macOS 15 or later to make the Jamf Protect agent a non-removable system extension. For more information see Making Jamf Protect a Non-Removable System Extension.

Your plan now has a custom threat prevention strategy applied to it.