What is Dell Threat Defense
Summary: Dell Threat Defense is a Software as a Service (SaaS) solution that uses Cylance’s advanced threat prevention to manage malware before it can affect a host.
Instructions
- As of May 2022, Dell Threat Defense has reached End of Maintenance. This product and its articles are no longer updated by Dell. For more information, reference Product Life Cycle (End of Support and End of Life) Policy for Dell Data Security. If you have any questions on alternative articles, either reach out to your sales team or contact endpointsecurity@dell.com.
- Reference Endpoint Security for additional information about current products.
This guide gives a brief description of the functions and features of Dell Threat Defense.
Affected Products:
- Dell Threat Defense
Affected Operating Systems:
- Windows
- Mac
The following are common questions that are asked about Dell Threat Defense:
How does Dell Threat Defense work?
Dell Threat Defense is an advanced threat prevention program that is installed on either Windows (desktop or server) or Mac (desktop) platforms. These platforms rely on a web console to manage threats, reporting, policies, and upgrades.
Dell Threat Defense can work online or offline as it analyzes files by:
- Initial Scan: On activation, Dell Threat Defense performs an initial scan of all active processes and files.
- File Hash Lookup: Dell Threat Defense checks if the file signature (known as a hash) was previously identified as a threat.
Once the initial scan is complete, it provides continuous protection through:
- Process Scan: Dell Threat Defense scans processes that are running and those configured for auto start.
- Execution Control: Dell Threat Defense analyzes files on execution.
Analyzed files are identified as threats by:
- Local Threat Score: Dell Threat Defense uses a mathematical model to apply a score to files and processes that are determined to be a potential threat.
- Global Threat Score: The local threat score is sent up to the web console and compared globally to all other Cylance environments.
Dell Threat Defense uses this score to determine the correct actions to take against files that are identified as a threat. Depending on policies, threats are handled in two ways:
- Flagged: Files are identified as either unsafe or abnormal based on the local and global score. A Dell Threat Defense administrator can choose to:
  - Proactively/reactively quarantine identified threats from one or more endpoints.
  - Proactively/reactively safe-list files that are incorrectly identified as threats from one or more endpoints.
- Auto-Quarantine: Files that are identified as either unsafe or abnormal are automatically quarantined. A Dell Threat Defense administrator can choose to retroactively safe-list files that are incorrectly identified as threats.
  - Files that are retroactively safe-listed are automatically removed from quarantine and placed back in their original location.

For more information about managing threats, reference the Protection section in How To Manage Dell Threat Defense.

What are Dell Threat Defense system requirements?
The system requirements for Dell Threat Defense depend on whether the endpoint is running Windows or Mac. For a complete listing of each platform's requirements, reference Dell Threat Defense System Requirements.
What Windows 10 feature updates are compatible?
For supported Windows 10 feature updates, reference Dell Data Security Windows Version Compatibility.
How do I download Dell Threat Defense?
Dell Threat Defense can be downloaded directly from the web console by a Dell Threat Defense administrator. More information can be found under the Device section in How to Download Dell Threat Defense.
How do I install Dell Threat Defense?
The installation process for Dell Threat Defense varies between Windows and Mac platforms. For a complete walkthrough on both platforms, reference How to Install Dell Threat Defense.
How do I disable System Integrity Protection for Dell Threat Defense?
On Mac OS X El Capitan (10.11.X) and later, System Integrity Protection (SIP) may need to be temporarily disabled. For more information, reference How to Disable System Integrity Protection for Dell Data Security Mac Products.
How do I allow Dell Data Security kernel extensions on macOS?
On macOS High Sierra (10.13.X) and later, Dell Data Security kernel extensions may need to be approved. For more information, reference How to Allow Dell Data Security Kernel Extensions on macOS.
How do I get another invite for Dell Threat Defense?
An administrator may get an invite error when attempting to log in to the Dell Threat Defense tenant if they let their invitation lapse by seven days.
To resolve this issue:
Contact ProSupport using Dell Data Security International Support Phone Numbers.
How do I obtain an installation token for Dell Threat Defense?
An installation token is required to install Dell Threat Defense. For a complete walkthrough, reference How to Obtain an Installation Token for Dell Threat Defense.
How do I manage Dell Threat Defense behavior?
Dell Threat Defense uses a web console to manage threats, policies, updates, and reporting for all endpoints. For an overview of all the main features, reference How To Manage Dell Threat Defense.
How do I safe list files for Dell Threat Defense?
Files are safe-listed in the administration console of Dell Threat Defense. For more information, reference How to Safe List Files in Dell Threat Defense.
What policies are recommended for Dell Threat Defense?
Each environment's policy recommendations may vary depending on requirements. For testing and baseline purposes, reference Dell Threat Defense Policy Recommendations.
How do I identify a file’s SHA-256 for exclusions?
A file's Secure Hash Algorithm (SHA)-256 hash may be used in Dell Threat Defense exclusions. For more information, reference How to Identify a File's SHA-256 Hash for Security Applications.
How do I determine the product version of Dell Threat Defense?
The product version for Dell Threat Defense varies between Windows and Mac platforms. For a comprehensive walkthrough, reference How to Identify the Dell Threat Defense Version.
How do I analyze endpoint status?
Endpoint statuses may be pulled from Windows and Mac endpoints for an in-depth review. For more information, reference How to Analyze Dell Endpoint Security Suite Enterprise and Threat Defense Endpoint Status.
How do I collect logs to troubleshoot Dell Threat Defense?
The log collection process for Threat Defense varies between Windows and Mac platforms. For a comprehensive walkthrough, reference How to Collect Logs for Dell Threat Defense.
How do I uninstall Dell Threat Defense?
The uninstall process for Dell Threat Defense varies between Windows and Mac platforms. For a complete walkthrough on both platforms, reference How To Uninstall Dell Threat Defense.