The content in this section applies to the legacy threat prevention strategy in macOS Security. The legacy strategy will be deprecated in a future version of macOS Security. For information and instructions on configuring threat prevention strategies, see Threat Prevention (Beta).
The threat prevention capabilities in Jamf Protect for macOS detect and block threats before they occur. Threat prevention includes:
- Advanced threat controls
Advanced threat controls intervene when unsafe or malicious activity considered high-risk by Jamf Threat Labs is detected. Detected activity is blocked and reported to administrators for further investigation.
- Tamper prevention
Tamper prevention forbids unauthorized modification, disabling, or deletion of the Jamf Protect application, system extension, and its critical files. This feature also protects against locally disabling tamper prevention protections.
- Endpoint threat prevention
Endpoint threat prevention monitors process execution to prevent known malware and threats on macOS. It uses the Jamf Protect threat database to monitor computers for processes that match entries in the database. When a match occurs, Jamf Protect automatically blocks the matching process and quarantines the associated file.
- Custom prevent lists
Custom prevent lists allow you to block processes and quarantine files on computers based on file hashes and Apple-specific signing information.
- Web protection
Web protection detects and blocks inbound and outbound threats that occur during network activity with computers. Web protection is configured via policies in the Jamf Security Cloud portal.