hp Sure Sense Malware Protection Software User Guide
- June 9, 2024
- HP
Table of Contents
**hp Sure Sense Malware Protection Software User Guide
**
Getting started
HP Sure Sense uses deep learning models to detect malicious ƬOes and prevent malware, zero-day, ransomware, and Advanced Persistent Threat (APT) attacks from harming your computer.
HP Sure Sense uses the following components:
- Prediction Model: A lightweight deep learning prediction model. It autonomously detects cyber threats and enables zero-day and APT protection.
- File reputation Cloud Services: A cloud-based database of information on known ƬOes that adds a second layer of classification. When this option is enabled, the hash for PE (Portable Executable) ƬOes is sent to the ƬOe reputation services in the cloud.
- Content Delivery Network: A system that distributes the latest prediction model and software updates for HP Sure Sense.
Main menu tabs
The main menu includes the following tabs:
-
Status: Displays the protection status, threat summary, and other information.
-
Alert log: Displays a table that lists security events and logs. It includes information about security, updates, and management. From this page, you can view additional details about security alerts and take further actions.
-
Quarantine: Displays a table that lists all quarantined files. Each entry is\ based on a unique hash value.
Entries include information related to the files and the original location of the files. You can restore quarantined files from the Action column. -
Settings: Allows you to configure whether notLƬcDtLons are displayed, set console languages, and manage other preferences. To view or change Advanced Settings: Select Edit, and enter the administrator credentials.
Full scan
Full scan analyzes all existing ƬOes on local drives of the computer. Any ƬOe LdentLƬed as malicious is blocked and quarantined.
Enhanced threat protection
When Enhanced Threat Protection is enabled, it monitors the behavior of all running processes for malware. If a process is LdentLƬed as ransomware, the process is terminated.
Security processes
Malware prevention
All ƬOes added to the local drives of the computer are automatically scanned and analyzed. When a file is identified as malicious, the following actions occur:
- Thefileis blocked and quarantined, The quarantine process copies the fle to the quarantine folder, deletes the file from its original location, and adds the file to the quarantine table.
- Aneventis added to the Alert Log page. A notifications displayed to indicate that the threat is prevented. if you click the notification, the Quarantine page opens with the relevant entry highlighted.
NOTE: Malicious files on external storage devices are blocked and prevented from running, but are not {uarantined.
Restoring and deleting quarantined files
Files moved to the quarantined folder can be restored or deleted as needed. Restored files are moved to their original locations and allowed to run. Deleting a quarantined file removes the entry from the quarantine table and deletes the file from the quarantine folder. It daes not change the classification of the file, and any new instances ofthe file are blocked and quarantined.
To delete or restore quarantined files:
- Open the Quarantine pace.
- Select the fle you want to delete Select the Retion icon.
- Select from the options to Restore File, Delete File, or view File Details.
IMPORTANT: Before you restore a quarantined file, verify that the file is not malware.
To delete al files at once:
On the Quarantine page, select the trash can con located t the right of the search box.
Adding and removing trusted files
‘Trusted files are files that were blocked and then restored and allowed to run by the user. You can add trusted files to the trusted files list from the Quarantine page or the Alert Log page. You can add processes to the ‘rusted files list only from the Alert Log page.
Files added to the trusted files list are restored to their original folders and deleted from the quarantine folder. Processes added to the trusted files list are allowed to run and are no longer monitored for ransomware behavior. Files and processes added tothe trusted files list are not scanned.
Toad atrusted file or process:
- Open the Alert Log page.
- Select the Actions icon inthe entry ofthe file or process that you want to add
- To add a ile, select Restore File.
Todd a process, select Add to Trusted Files.
important: Before you add file or process to the trusted files lst, verify that tis not malware.
Toremove a trusted fle or process from the trusted files list:
- From the Settings page, select Edit Trusted Files.
- Select the file or process that you want to remove, and then select the Retions icon.
- Toremovea fie, select Quarantine File.
To remove a process, select Remove From List.
Exclusions
Folders and processes can be excluded from being scanned by using the Exclusions option.
IMPORTANT: Before you add a folder to the exclusion list, HP recommends the following:
- Add only read-only folders to minimize the opportunity for trusted folders to be abused by attackers.
- Donat add temporary folders. Malware tends to write modules to temporary folders. This advice is also relevant for system folders such as Windows of system32.
- If a specific solution continues to return false positives, look to the vendor ofthe solution for recommendations.
Toaccess the exclusions list:
- Open the Settings page, and scroll down to Advanced Settings.
- Select Edit Exclusions.
A Uninstalling HP Sure Sense
If HP Sure Sense is currently installed and a new installation is required, you must Ƭrst remove the current version. The method to uninstall is based on how HP Sure Sense was installed.
If HP Sure Sense was manually installed using the installation wizard:
Run the installer, and select Uninstall.
If HP Sure Sense was preinstalled on your device:
- In Windows Settings, go to Apps & features.
- Uninstall the HP Sure Sense Installer.