[MDSA] Let's learn about the Execution Holding function
1. Summary
MDS provides a secure operating environment for the host through its Execution Holding feature.
It protects the host PC by withholding execution of a file until the file has been assessed.
- Execution is held for files that have not yet been verified as healthy or malicious.
- Normal files run normally, and malicious files are blocked by the MDS Agent.
2. Contents
Use the Execution Holding tab to delay the execution of a file that has not yet been determined to be malicious. Unknown files are handled according to the result (normal/malicious) once the analysis on the MDS is complete.
Click Management > Agent > Agent Policy > Add > Execution Holding
- File created in: Enter the period for which newly generated files are scanned and checked for harmful content. The time must be between 1 and 10080 minutes. (Default: 60)
- Waiting Time: Enter how long to wait for a reply while an executable file is being analyzed. The time is entered in seconds. (Default: 5)
- When the waiting time exceeded: Select the action to take when the specified waiting time is exceeded: Block Execution, Allow Execution, or Ask User.
  - Block Execution turns on the Block mode. Select this action to diagnose the execution of unknown files and to block malicious code.
  - Allow Execution turns on the Execute mode. Select this action to diagnose the execution of unknown files and allow execution only when the file is determined to be safe. If malicious code is detected, the related log is generated and the administrator can respond from the detection logs.
  - Ask User turns on the Select mode. Select this action to ask the user, through a popup message, whether to run the unknown executable file.
- When the connection failure occurred to MDS server: Select the action to take when the connection to the MDS server fails. You can select between Block Execution and Allow Execution. If you wish to let users choose between blocking and allowing execution according to the situation, select Ask User. If you cannot use these actions or do not want to use them, select Disable.
Unlike Anti-Virus (AV) products such as V3, the MDS Agent does not have an engine. Therefore, when execution of a file is held, the agent uploads the file to MDS and receives the analysis result.
※ If information about a file is already in the agent cache, the analysis process is omitted, because the local cache is checked before MDS analysis.
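
The following Python sketch is an added illustration, not AhnLab code: it models the flow described above (cache first, then MDS verdict within the waiting time, then the configured fallback) so an administrator can see which settings let a file run without a verdict. All function and key names are hypothetical, and the outcome of Disable is left as "unspecified" because this page does not define it.

```python
# Added illustration: a model of the flow described on this page, not AhnLab code.
# All function and key names are hypothetical.
TIMEOUT_ACTIONS = {"Block Execution", "Allow Execution", "Ask User"}
CONN_FAIL_ACTIONS = TIMEOUT_ACTIONS | {"Disable"}
OUTCOME = {"Block Execution": "block", "Allow Execution": "run",
           "Ask User": "ask", "Disable": "unspecified"}  # page does not define Disable

def validate(policy):
    """Check a policy dict against the range and choices listed on the page."""
    errors = []
    if not 1 <= policy["file_created_in_min"] <= 10080:
        errors.append("file_created_in_min must be 1-10080")
    if policy["on_timeout"] not in TIMEOUT_ACTIONS:
        errors.append("on_timeout: unknown action")
    if policy["on_connection_failure"] not in CONN_FAIL_ACTIONS:
        errors.append("on_connection_failure: unknown action")
    return errors

def decide(policy, cache_verdict=None, server_up=True, analysis_sec=None, mds_verdict=None):
    """Return (outcome, reason) for one execution attempt of a held file."""
    by_verdict = {"normal": "run", "malicious": "block"}
    if cache_verdict in by_verdict:              # local cache is checked first
        return by_verdict[cache_verdict], "cache"
    if not server_up:                            # file cannot be uploaded to MDS
        return OUTCOME[policy["on_connection_failure"]], "connection failure"
    if (mds_verdict in by_verdict and analysis_sec is not None
            and analysis_sec <= policy["waiting_time_sec"]):
        return by_verdict[mds_verdict], "mds verdict"
    return OUTCOME[policy["on_timeout"]], "waiting time exceeded"

def fail_open_paths(policy):
    """Settings under which a file with no verdict yet is allowed to run."""
    return [k for k in ("on_timeout", "on_connection_failure")
            if policy[k] == "Allow Execution"]

# Constructed sample policies (the defaults 60 min / 5 s are from the page).
PERMISSIVE = {"file_created_in_min": 60, "waiting_time_sec": 5,
              "on_timeout": "Allow Execution",
              "on_connection_failure": "Allow Execution"}
STRICT = dict(PERMISSIVE, on_timeout="Block Execution",
              on_connection_failure="Block Execution")

if __name__ == "__main__":
    for name, pol in (("permissive", PERMISSIVE), ("strict", STRICT)):
        # Analysis takes 30 s against a 5 s waiting time; then the server is down.
        print(name, validate(pol), fail_open_paths(pol),
              decide(pol, analysis_sec=30, mds_verdict="malicious"),
              decide(pol, server_up=False))
```

With the 5-second default, an analysis that takes longer than the waiting time is decided by the timeout action rather than by the eventual verdict, which is why the two sample policies differ on the same file.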