You can use the Endpoint Threat Prevention Options setting in a plan to do any of the following in response to a database match:
- Block and report —
Blocks and quarantines any process that matches the threat database.
- Report only —
Disable process blocking and file quarantine, but report database matches as an alert.
- Disabled —
Disable all process blocking, file quarantines, and reporting in response to a threat database match.