AV Default Policies — The AV Default Policies section filters events from the AVAPI user, a service internal to Sheriff CSM that performs various system tasks. Because these logs only record system processes, their audience consists primarily of Sheriff Technical Support. You can filter such events by highlighting the policy and clicking Enable.
Note: In Sheriff CSM version 5.3.2 and later, the AVAPI filter policy is enabled by default.
New — Click this button to create a new policy.
Modify — Select an existing policy from the list and click this button to modify that policy.
Delete Selected — Select an existing policy from the list and click this button to delete it.
Duplicate Selected — Select an existing policy from the list and click this button to duplicate it. You can then rename and update the policy as desired and save it.
Reload Policies — Restarts the service used to manage the policies. After you modify or reorder policies for external events, you must reload them. Otherwise, the Sheriff CSM Server won't recognize the changes.
Enable/Disable Policy — Select a policy from the list and click this button to enable or disable it.