Nebula comes with a default policy configured with the recommended settings. If you modify a policy, you can revert it to our defaults with the reset button on the policy edit page. There are default policies available for workstations and servers. This article details all default policy settings so you know what settings come with Nebula and what changes are made when using the reset button.
The tables in this article use the following symbols to show the default status of each policy option on each operating system:
- ✓ Policy option is enabled.
- ! Policy option is disabled.
- ✕ Policy option is unavailable.
Workstations
The following tables display the default settings for a workstation policy.
Endpoint agent
For more information on each policy setting, see Endpoint agent policy settings in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Show the ThreatDown icon in the notification area | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Display real-time protection notifications | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Allow users to run a Threat Scan (all threats will be quarantined automatically) | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Show ThreatDown shortcuts on Start menu and desktop to run Threat Scans | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Show ThreatDown option in context menus | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Allow only Administrator level users to interact with the ThreatDown Tray | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Automatically download and install ThreatDown application updates | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Pause endpoint agent updates | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Use memory caching | ✕ | ✕ | ✕ | ✓ | ✓ | ✕ |
Automatically reboot endpoints when required | ! | ! | ✕ | ✕ | ✕ | ✕ |
Allow users to postpone a reboot | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Automatically remove endpoints not seen in 90 days | ! | ! | ! | ✕ | ✕ | ✕ |
Provide all services with additional time to initiate | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Enable service health monitoring | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Tamper protection
For more information on each policy setting, see Tamper protection policy settings in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Uninstall Protection | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Service and Process Protection | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Protection settings
For more information on each policy setting, see Protection policy settings in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Web protection | ✓ | ✓ | ✕ | ✕ | ✕ | ✓ |
Outbound TCP | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Inbound TCP | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Outbound UDP | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Exploit protection | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Block potentially malicious email attachments (Outlook desktop only) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Malware protection | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Enable Anti-Malware Scanning Interface | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Behavior protection | ✓ | ✕ | ✕ | ✓ | ✓ | ✕ |
Block untrusted applications | ✕ | ✓ | ✕ | ✕ | ✕ | ✕ |
Ad block | ✕ | ✕ | ✕ | ✕ | ✕ | ✓ |
Delay real-time protection when ThreatDown starts for (15 seconds) | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Windows Action Center (Let ThreatDown apply the best Windows Action Center settings) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Self-Protection (Requires Real-time protection to be enabled) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Boot Process | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Device Control (Set to Allow full access to the device) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Automatically scan and quarantine threats when a USB device is inserted | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Block penetration testing attacks | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Enable hardening of MS Office applications | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Enhance anomaly detections | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Enable heuristic detections | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Enhance sandbox protection | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Check for protection software updates (1 Hour) | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Protection updates delay (No delay) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Allow protection updates over expensive networks | ✕ | ✕ | ✕ | ! | ! | ! |
Scan settings
For more information on each policy setting, see Scan policy settings options in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Scan the contents of compressed folders (e.g. .zip, .rar, etc.) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Detect signature-less anomalous files | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Scan for rootkits on the endpoints | ! | ✓ | ✕ | ✕ | ✕ | ✕ |
Treat potentially unwanted programs (PUPs) as malware | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Treat potentially unwanted modifications (PUMs) as malware | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Use deep scanner during a full scan | ✕ | ✕ | ✕ | ✓ | ✓ | ✕ |
Use power saver during scans | ✕ | ✕ | ✕ | ✓ | ✕ | ✕ |
Perform scans only while charging | ✕ | ✕ | ✕ | ! | ! | ✕ |
Scan automatically after reboot | ✕ | ✕ | ✕ | ✓ | ✓ | ✕ |
Scan automatically after update | ✕ | ✕ | ✕ | ✓ | ✓ | ✕ |
Select how endpoints should prioritize scans vs system performance (Low Priority: Better multi-tasking response) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Select maximum allocation of CPU resources for scans (Low 25%) | ✕ | ✓ | ✕ | ✕ | ✕ | ✕ |
Endpoint Detection and Response
For more information on each policy setting, see Endpoint Detection and Response policy settings in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Suspicious activity monitoring | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Suspicious activity monitoring on servers | ✓ | ✕ | ! | ✕ | ✕ | ✕ |
Very aggressive detection mode | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Collect networking events to include in searching | ✓ | ✓ | ! | ✕ | ✕ | ✕ |
Enable Event Tracing for Windows | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Flight Recorder Search | ! | ! | ! | ✕ | ✕ | ✕ |
Ransomware Rollback | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Rollback timeframe (3 days) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Rollback free disk space quota (30%) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Workstation rollback filesize (20 MB) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Server rollback filesize (100 MB) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Enable endpoint isolation to allow locking/unlocking of endpoints | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Active Response Shell | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Enable secure connections using certificate pinning | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Brute force protection
For more information on each policy setting, see Brute Force Protection policy settings in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
RDP (Port Blank) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
FTP (Port 21) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
IMAP (Port 143/9993) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
MSSQL (Port 1433) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
POP3 (Port 110/995) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
SMTP (Port 25/465/587/2525) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
SSH (Port 25) | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Prevent private network connections from being blocked | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Software management
For more information on each policy setting, see Software management policy settings in Nebula.
Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
Allow scanning for known vulnerabilities in installed software (Vulnerability Assessment) | ✓ | ✓ | ✕ | ✕ | ✕ | ✕ |
Allow updating software inventory and applying Windows OS patches for endpoints (Patch Management) | ✓ | ! | ✕ | ✕ | ✕ | ✕ |
Disable Windows automatic updates for OS patches | ! | ✕ | ✕ | ✕ | ✕ | ✕ |
Show deployment progress from the ThreatDown icon (Patch Management) | ✓ | ! | ✕ | ✕ | ✕ | ✕ |
Force software to close for updates (Patch Management) | ✓ | ! | ✕ | ✕ | ✕ | ✕ |
Force close time limit (Patch Management, 24 hours) | ✓ | ! | ✕ | ✕ | ✕ | ✕ |
Force close reminder frequency (Patch Management, 6 hours) | ✓ | ! | ✕ | ✕ | ✕ | ✕ |
Allow blocking chosen executables from running | ✓ | ✕ | ✕ | ✕ | ✕ | ✕ |
Connected storage device (USB storage, etc.) | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Physical and virtual memory of the endpoints | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Installed startup programs on the endpoints | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Installed software on the endpoints | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Software updates installed on the endpoints | ✓ | ✓ | ✓ | ✕ | ✕ | ✕ |
Servers
The following tables display the default settings for a server policy. These default settings may cause performance issues for specific server roles. For guidance on configuring Nebula for the servers in your environment, see Configure Nebula for Windows server roles.
Endpoint agent
For more information on each policy setting, see Endpoint agent policy settings in Nebula.
Policy Option | Windows | Mac | Linux |
Show the ThreatDown icon in the notification area | ✓ | ✓ | ✕ |
Display real-time protection notifications | ✓ | ✓ | ✕ |
Allow users to run a Threat Scan (all threats will be quarantined automatically) | ✓ | ✓ | ✕ |
Show ThreatDown shortcuts on Start menu and desktop to run Threat Scans | ! | ✕ | ✕ |
Show ThreatDown option in context menus | ✓ | ✕ | ✕ |
Allow only Administrator level users to interact with the ThreatDown Tray | ✓ | ✕ | ✕ |
Automatically download and install ThreatDown application updates | ✓ | ✓ | ✕ |
Pause endpoint agent updates | ! | ✕ | ✕ |
Automatically reboot endpoints when required | ! | ! | ✕ |
Allow users to postpone a reboot | ✓ | ✓ | ✕ |
Automatically remove endpoints not seen in 90 days | ! | ! | ! |
Provide all services with additional time to initiate | ✓ | ✕ | ✕ |
Enable service health monitoring | ✓ | ✕ | ✕ |
Tamper protection
For more information on each policy setting, see Tamper protection policy settings in Nebula.
Policy Option | Windows | Mac | Linux |
Uninstall Protection | ✓ | ✓ | ✕ |
Service and Process Protection | ✓ | ✕ | ✕ |
Protection settings
For more information on each policy setting, see Protection policy settings in Nebula.
Policy Option | Windows | Mac | Linux |
Web protection | ✓ | ✓ | ✕ |
Outbound TCP | ✓ | ✕ | ✕ |
Inbound TCP | ✓ | ✕ | ✕ |
Outbound UDP | ✓ | ✕ | ✕ |
Exploit protection | ✓ | ✕ | ✕ |
Block potentially malicious email attachments (Outlook desktop only) | ✓ | ✕ | ✕ |
Malware protection | ✓ | ✓ | ✓ |
Enable Anti-Malware Scanning Interface | ✓ | ✕ | ✕ |
Behavior protection | ✓ | ✕ | ✕ |
Block untrusted applications | ✕ | ✓ | ✕ |
Delay real-time protection when ThreatDown starts for (15 seconds) | ! | ✕ | ✕ |
Windows Action Center (Let ThreatDown apply the best Windows Action Center settings) | ! | ✕ | ✕ |
Boot Process | ! | ✕ | ✕ |
Device Control (Set to Block access to the device) | ✓ | ✕ | ✕ |
Automatically scan and quarantine threats when a USB device is inserted | ! | ✕ | ✕ |
Check for protection software updates (1 Hour) | ✓ | ✓ | ✕ |
Protection updates delay (No delay) | ✓ | ✕ | ✕ |
Scan settings
For more information on each policy setting, see Scan policy settings options in Nebula.
Policy Option | Windows | Mac | Linux |
Scan the contents of compressed folders (e.g. .zip, .rar, etc.) | ✓ | ✕ | ✕ |
Detect signature-less anomalous files | ✓ | ✕ | ✕ |
Scan for rootkits on the endpoints | ! | ✓ | ✕ |
Treat potentially unwanted programs (PUPs) as malware | ✓ | ✓ | ✕ |
Treat potentially unwanted modifications (PUMs) as malware | ✓ | ✕ | ✕ |
Select how endpoints should prioritize scans vs system performance (Low Priority: Better multi-tasking response) | ✓ | ✕ | ✕ |
Select maximum allocation of CPU resources for scans (Low 25%) | ✕ | ✓ | ✕ |
Endpoint Detection and Response
For more information on each policy setting, see Endpoint Detection and Response policy settings in Nebula.
Policy Option | Windows | Mac | Linux |
Suspicious activity monitoring | ✓ | ✓ | ✓ |
Suspicious activity monitoring on servers | ✓ | ✕ | ✓ |
Very aggressive detection mode | ! | ✕ | ✕ |
Collect networking events to include in searching | ✓ | ✓ | ! |
Enable Event Tracing for Windows | ! | ✕ | ✕ |
Flight Recorder Search | ! | ! | ! |
Ransomware Rollback | ✓ | ✕ | ✕ |
Rollback timeframe (3 days) | ✓ | ✕ | ✕ |
Rollback free disk space quota (30%) | ✓ | ✕ | ✕ |
Workstation rollback filesize (20 MB) | ✓ | ✕ | ✕ |
Server rollback filesize (100 MB) | ✓ | ✕ | ✕ |
Enable endpoint isolation to allow locking/unlocking of endpoints | ✓ | ✓ | ✓ |
Active Response Shell | ✓ | ✕ | ✕ |
Enable secure connections using certificate pinning | ✓ | ✕ | ✕ |
Brute force protection
For more information on each policy setting, see Brute Force Protection policy settings in Nebula.
Policy Option | Windows | Mac | Linux |
RDP (Port Blank) | ✓ | ✕ | ✕ |
FTP (Port 21) | ✓ | ✕ | ✕ |
IMAP (Port 143/9993) | ✓ | ✕ | ✕ |
MSSQL (Port 1433) | ✓ | ✕ | ✕ |
POP3 (Port 110/995) | ✓ | ✕ | ✕ |
SMTP (Port 25/465/587/2525) | ✓ | ✕ | ✕ |
SSH (Port 25) | ✓ | ✕ | ✕ |
Prevent private network connections from being blocked | ! | ✕ | ✕ |
Software management
For more information on each policy setting, see Software management policy settings in Nebula.
Policy Option | Windows | Mac | Linux |
Allow scanning for known vulnerabilities in installed software (Vulnerability Assessment) | ✓ | ✓ | ✕ |
Allow updating software inventory and applying Windows OS patches for endpoints (Patch Management) | ✓ | ! | ✕ |
Disable Windows automatic updates for OS patches | ! | ✕ | ✕ |
Show deployment progress from the ThreatDown icon (Patch Management) | ✓ | ! | ✕ |
Force software to close for updates (Patch Management) | ! | ! | ✕ |
Force close time limit (Patch Management, 24 hours) | ✓ | ! | ✕ |
Force close reminder frequency (Patch Management, 6 hours) | ✓ | ! | ✕ |
Allow blocking chosen executables from running (Application Block) | ✓ | ✕ | ✕ |
Connected storage device (USB storage, etc.) | ✓ | ✓ | ✓ |
Physical and virtual memory of the endpoints | ✓ | ✓ | ✓ |
Installed startup programs on the endpoints | ✓ | ✓ | ✓ |
Installed software on the endpoints | ✓ | ✓ | ✓ |
Software updates installed on the endpoints | ✓ | ✓ | ✓ |