Protected Mode - Anomaly Detection

When in turn on Anomaly Detection, Neuralyzer will make alert if there are any abnormal activities or unauthorized behaviors in the system, including:
- Unauthorized device connected to the system.
- A device is in an inactive state for too long, exceeding the allowable threshold.
- A device is in an active state but does not communicate for a period of time beyond the threshold.
- A device that has unauthorized open ports and use unauthorized protocol on allowed ports.
- A device that has supply chain violation.
- A device that has CVSS score in unwanted range.
- 2 devices in the system communicating with each other using the protocol are not allowed.
- 2 devices in the system to communicate with each other on the port is not allowed.
- 2 devices in the system communicate with each other at unauthorized intervals.
- A device that is being communicated to unwanted remote host.
To avoid generating unwanted alerts, make sure you've reviewed the policies for the device and connection, the settings in the Device type Settings.
if you need to work with devices or edit settings or other operations inside Neuralyzer and don't want to be interrupted by alerts (which will take you to the alert screen), just head to Alert settings and disable "Make On-screen alert".
Note: The device that still in learning phase will not be alerted even user turn on Anomaly Detection.
Was this page helpful?