Configuring Anti-Malware Policy Rules
R81 Harmony Endpoint Server Administration Guide|299
Configuring Anti-Malware Policy Rules
For each action in a rule, select an option, which defines the action behavior. You can select a
predefined Action option or select New to define a custom action.
Right-click an Action and select Edit or Edit Shared Action to change the action behavior.
Changes to policy rules are enforced only after you install the policy.
Note that exclusions that you configure in one action apply to all Anti-Malware scans.
Scan All Files on Access
By default, all file are scanned when they are opened or used.
You can configure Trusted Processes as exceptions. When a trusted process accesses a file,
the file is not scanned. Exclude a process only if you fully trust it and are sure it is not malware.
You can also select or clear these options:
n
Detect Unusual Activity - Use behavior detection methods to protect computers from
new threats whose information has not been added to the databases yet. It does not
monitor trusted processes.
n
Enable Cloud Reputation Services For Files, Web Resources, and Processes - Use
cloud technologies to improve precision of scanning and monitoring functions. If you
enable or disable this setting, it takes affect after the client computer restarts.
l
Connection Timeout - Change the maximum time to get a response from
Reputation Services (in milliseconds).
Note - If you decrease this value, it can improve the performance of the Anti-
Malware component but reduces security, as clients might not get a reputation
status that shows an item to be zero-day malware.
n
Enable Web Protection - Prevents access to suspicious sites and execution of
malicious scripts. Scans files, and packed executables transferred over HTTP, and alerts
users if malicious content is found.
n
Mail Protection - Enable or disable scans of email messages when they are passed as
files across the file system.
To configure trusted processes:
1. In the Properties of the Scan all files on Access Action, click Add.
2. In the Trusted Processes window, enter the fully qualified path or an environment
variable for the trusted executable file. For example:
To Next Page
Loading...
