Jamf Protect's threat prevention policy determines how detected threats are reported and remediated in your environment. This includes:
- Choosing the types of threats to actively monitor, block, and log in your environment
- Sending alert notifications to end users and administrators
- Using organization units (OUs) to apply different policies to different groups

You can granularly control the response to specific types of threats, which are sorted into these categories:
- Web content — These are digital communications between a device and a URL that pose a risk to the user, their privacy, or their data. Examples include phishing sites, spam, and risky app stores.
- App — App-related threats pertain to malware that is downloaded, or to applications that request higher levels of device permissions than they need to achieve their purpose; for example, a mapping app that requests access to the camera and microphone. Third-party app stores are also a risk due to the unvetted nature of the apps that can be downloaded from them.
- Network — App-to-server communications and web browser activities are typically the sources of network threats. These events are transient in nature and may occur multiple times or only once.
- Device — These are threats and vulnerabilities that are present on the device, such as having unknown sources enabled, or a jailbroken device. Most device-side issues are vulnerabilities, such as the lock screen being disabled, or the device having an outdated OS.

For more information, see Threat Prevention Policy Threat Categories.