Enabling Advanced Threat Controls

Jamf Protect Documentation

Important:

Advanced threat controls may not be suitable for certain development environments. Jamf recommends testing before enabling in production.

If advanced threat controls do not currently meet requirements after testing, continue to use the reverse-shell analytics.

Requirements
  • macOS 13 or later
  • Jamf Protect 5.1.2 or later
  • Jamf Protect running as a system extension as approved through your MDM

Advanced threat controls do not support exceptions. For more information, see Exceptions.

  1. In Jamf Protect, click Plans.
  2. Navigate to an existing plan and edit the plan, or create a new plan.
  3. Under Legacy, click Edit legacy features.
  4. Configure Advanced Threat Controls settings.
    1. Choose Block and report to intervene, block, and report malicious activity to stop attacks.
    2. Choose Report only to receive reports on malicious activity when attacks occur, without blocking.
    3. Choose Disable to disable intervention and reporting of malicious attacks as they occur.
  5. Click Save.

After advanced threat controls are enabled in a plan, protections deploy to computers the next time they connect to Jamf Protect Cloud.