Skip to content
Last update: 2022-03-29

Fix Server Threat Protection policy

Ensure your Server Threat Protection policies use the recommended settings.


The recommended settings offer the best security. If you must change settings to fix issues, change as few as you can and apply them to as few devices as you can.

If Account Health Check warns that server policies have settings that differ from our recommendations, do as follows:

  1. Click the policy name in the warning.

    Policy health warning

  2. The Settings tab on the policy page opens. A warning shows at the top of the tab and settings that differ from our recommendations are highlighted in red.

    • If the policy is the Base Policy, as in the example shown here, click Reset to reapply the recommended settings.
    • For any other policy, or if you want to review what will change, continue to the next step.

    Policy settings tab

  3. In the Intercept X Advanced for Server settings, review any settings with warnings and turn them on.

    Enable CPU branch tracing doesn't need to be on, but if it's already on, you can leave it on.

    Intercept X Advanced settings

  4. Scroll down to the Server Protection default settings.

    If there are settings with warnings, select Enable all Server Protection default features. This turns on all settings except SSL/TLS decryption of HTTPS websites (turn this on manually if you want it).

    Alternatively, review each setting and turn it on.

    Server Protection default settings

  5. Click Save at the top of the policy page.

  6. The Settings tab now shows that you have the recommended protection.

    Policy with recommended protection

Back to top