If a high-risk intrusion is detected on your server after the adaptive threat detection feature is enabled, the Security Center agent on your server automatically runs in the Safeguard Mode For Major Activities protection mode. This mode enables all protection rules and security engines so that intrusions are detected more comprehensively. This topic describes how to enable the adaptive threat detection feature.

Prerequisites

The Enterprise or Ultimate edition of Security Center is purchased, or Security Center is upgraded to the Enterprise or Ultimate edition. For more information, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Background information

The adaptive threat detection feature is disabled by default. You must manually enable the feature. If a high-risk intrusion is detected on your server after the adaptive threat detection feature is enabled, the Security Center agent on your server automatically runs in the Safeguard Mode For Major Activities protection mode. In this mode, Security Center protects your server at a high level for seven days and generates alerts for all suspicious intrusions and potential threats. For more information about this mode, see Manage protection modes.

Note: During the 7-day protection period, if you manually configure a protection mode for the Security Center agent on your server, the agent runs in the configured mode. After the 7-day protection period, the adaptive threat detection feature does not change the protection mode that you configured.

Procedure

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, click Settings.
  3. In the Dynamic adaptive threat detection capability section of the General tab, turn on Dynamic and adaptive threat detection.