Threat prevention engines are distinct categories of protections that you can configure to customize your security strategy. Under the custom strategy, each engine can be independently configured to suit your needs.
- Malware and riskware
  Protects against malware and riskware by leveraging a combination of static and behavioral analysis signatures.
  Provides the following types of threat coverage:
  - Executables
  - Scripts
  - Signing identities
  - Behavioral patterns
- Adversary tactics
  Detects attacker behaviors in real time by monitoring system, user, and process activity. Aligned with MITRE ATT&CK tactics and enriched with macOS-specific attacker techniques.
  Examples of threat coverage include:
  - Discovery
  - Execution
  - Exfiltration
  - Persistence
  - Privilege escalation
- System tampering
  Uses behavioral analysis to monitor and protect against attempts to tamper with or remove the Jamf Protect security agent on the computer.
  Important: An additional configuration profile needs to be installed on target computers running macOS 15 or later in order to make the Jamf Protect agent a non-removable system extension. For more information, see Making Jamf Protect a Non-Removable System Extension.
- Fileless threats
  Detects in-memory or runtime threats that bypass traditional file-based defenses, including trusted tool abuse and stealthy memory-based execution techniques.
  Provides the following types of threat coverage:
  - Living off the land
  - Memory injection