Configure the Anti-malware Profile from EDR UI

The default antivirus configurations are downloaded to the endpoint asset along with the virus definitions.

Until you configure a new Anti-malware profile, all assets are attached to the existing Default profile. The Default profile is also the ultimate fallback profile for assets that have no tags or that fall out of a profile through Tag-Profile changes.

Do not disable the Anti-Malware option on the target host. Disabling this option removes the quarantine folder, which cannot be recovered. You can disable the OnAccess and Behavioral Scan options.

 

 

Create a New Anti-Malware Profile

You can create 15 Anti-malware Profiles and add up to 10 tags to each Anti-malware Profile. Navigate to the EDR > Configuration tab and click New Anti-malware Profile.

The New Anti-malware Profile window is displayed with the following settings:

  1. General Settings - requires the name, update frequency, and alerts of the Anti-malware profile. For more information about the fields, refer to Configuring Anti-malware Profile from General Settings.
  2. OnAccess Scan - monitors system activity and blocks malware before it is executed. Select the actions for the Anti-malware to perform when malware is detected. In the Path for Restore location for the quarantined files field, you can provide the path to which quarantined files are restored. It is an optional scan. For more information on configuring the OnAccess Scan, refer to OnAccess Scan from EDR UI.
  3. OnDemand Scan - performs regular system scans according to the defined schedule. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan. For more information about OnDemand Scan commands and configuring the scan from the EDR UI, refer to OnDemand Scan Commands.
  4. Behavioral Scan - configures settings for threats that evade the heuristic engine. This type of scan adds an extra layer of protection. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan. For more information, refer to Behavioral Scan.
  5. Network Protection - configures network settings to protect the user's network activity, including web browsing, email, and software applications. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan. For more information, see Network Protection.
  6. Network Attack Defense - configures and provides a security layer against specific attacks. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan. For more information, refer to Network Attack Defense.
  7. Content Control - enables and configures web access control and application blacklisting for content control. For more information, refer to Content Control.
  8. Assets - allows you to add tags to your assets. Click the Add Tags link and select the tags. To create and assign tags, see Create and Assign Tags.

    When you add tags to a new or an existing Anti-malware profile, the assets with those tags are assigned to this updated Anti-malware profile.

    When you remove a tag from an existing profile, the assets are assigned to the last updated Anti-malware profile. If the removed tag is not included in any other existing Anti-malware profile, the assets are assigned to the Default profile.

  9. Device Control - prevents data leaks and the spread of malware via external devices attached to the endpoints. To implement Device Control, you must have Windows Agent version 5.2.0.x and above and enable the antimalware policy option. For more information, refer to Device Control Support.

  10. Exclusions - files that do not need to be scanned in the OnAccess and OnDemand Scans are added in this field. For more information, refer to Exclusion Support.
  11. Review and Confirm - summarizes your selections for the New Anti-malware Profile. Click Create Anti-malware Profile. Click Previous to make changes in any of the steps.

View, Edit, or Clone Profile

You can View, Edit, or Clone an existing Anti-malware Profile from the Quick Actions menu. Perform the following steps:

  1. Navigate to the EDR > Configuration tab.
  2. Hover the mouse over the profile on which you want to perform the View, Edit, or Clone action.
  3. Click the drop-down arrow, select View, Edit, or Clone from the Quick Actions menu, and follow the onscreen wizard to configure your profile.

Apply Profiles on Assets

You can apply a new or an existing Profile to your assets from the Quick Actions menu. Perform the following steps to apply profiles on assets:

  1. Navigate to the EDR > Configuration tab.
  2. Hover the mouse over the profile you want to apply on Assets.
  3. Click the drop-down arrow, and select Apply Profiles on Assets from the Quick Actions menu.

    If a Tag is not added to the Anti-malware Profile, the Apply Profiles on Assets option is disabled.

  4. You will be directed to the Assets tab. From the Actions menu, select Apply Anti-malware Profile.

  5. Once the profile is applied to the asset(s), you are redirected to the Configuration tab.

    A notification is generated once the profile is applied to the Assets.

Delete a Profile

You can Delete a Profile from the Actions menu.

  1. Navigate to the EDR > Configuration tab.
  2. Select the checkbox to the left of the Profile Name column.
  3. The Actions button is enabled. Click the drop-down arrow and select Delete Profiles.

    A confirmation window is displayed.

  4. Click Yes if you want to delete the profile.

    A Warning window is displayed if you delete a profile with active Assets attached.