Configuring the Anti-Malware Profile

The default antivirus configurations are downloaded to the endpoint asset, just as the virus definitions are.

Until you configure a new Anti-malware profile, all assets are attached to the existing Default profile. The Default profile is also the ultimate fallback profile for assets that have no tags or that fall out of a profile as a result of tag-profile changes.

Do not disable the Anti-Malware option from the target host. Disabling this option will remove the quarantine folder, which cannot be recovered. You can disable the OnAccess and Behavioral Scan options.

 

 


Create a New Anti-Malware Profile

You can create 15 Anti-malware Profiles and add up to 10 tags to each Anti-malware Profile. Navigate to the EDR module > Configuration tab and click New Anti-malware Profile.

AV Profile button

The New Anti-malware Profile window is displayed with the following settings:


  1. General Settings: requires the name, update frequency, and alerts of the Anti-malware profile. Name is the only mandatory field in this step.
  2. OnAccess Scan: monitors system activity and blocks malware before it is executed. Select the actions for the Anti-malware to perform when malware is detected. You can specify where quarantined files are restored in the Path for Restore location for the quarantined files field. It is an optional scan.
  3. OnDemand Scan: performs regular system scans according to the defined schedule. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan.
  4. Behavioral Scan: configures settings for threats that evade the heuristic engine. This type of scan adds an extra layer of protection. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan.
  5. Network Protection: configures network settings to protect the user's network activity, including web browsing, email, and software applications. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan.
  6. Network Attack Defense: configures and provides a security layer against specific attacks. Select the actions for the Anti-malware to perform when malware is detected. It is an optional scan.
  7. Assets: allows you to add tags to your assets. Click the Add Tags link and select the tags.

    When you add tags to a new or an existing Anti-malware profile, the Asset(s) will be assigned to this updated Anti-malware profile.

    When you remove a tag from an existing profile, the asset(s) are assigned to the last updated Anti-malware profile. If the removed tag is not included in any other existing Anti-malware profile, the asset(s) are assigned to the Default profile.

  8. Exclusions: files that do not need to be scanned in the OnAccess and OnDemand Scans are added in this field. For more information, see Exclusion Support.
  9. Review and Confirm: summarizes your selections for the New Anti-malware Profile. Click Create Anti-malware Profile. Click Previous to make changes in any of the steps.
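
The tag rules in the Assets step can be modelled offline to predict which profile an asset lands on and to list tagged assets that fall back to Default after a tag change. This is an added example, not product code or a vendor API: `ProfileModel`, `resolve`, `fallouts` and the sample inventory are hypothetical, and it assumes that the most recently updated profile sharing a tag with the asset wins and that the Default profile is not counted in the limit of 15.

```python
from dataclasses import dataclass, field

MAX_PROFILES, MAX_TAGS = 15, 10   # limits stated on this page
DEFAULT = "Default"               # fallback profile named on this page

@dataclass
class Profile:
    name: str
    tags: set = field(default_factory=set)
    updated: int = 0              # logical clock: higher = updated more recently

class ProfileModel:
    """Local model of tag-based assignment; hypothetical, not a vendor API."""
    def __init__(self):
        self.profiles, self.clock = {}, 0

    def _touch(self, profile):
        self.clock += 1
        profile.updated = self.clock

    def create(self, name, tags=()):
        # Assumption: the Default profile does not count toward the limit.
        if len(self.profiles) >= MAX_PROFILES:
            raise ValueError("profile limit reached")
        self.profiles[name] = Profile(name)
        for tag in tags:
            self.add_tag(name, tag)

    def add_tag(self, name, tag):
        profile = self.profiles[name]
        if tag not in profile.tags and len(profile.tags) >= MAX_TAGS:
            raise ValueError("tag limit reached")
        profile.tags.add(tag)
        self._touch(profile)

    def remove_tag(self, name, tag):
        self.profiles[name].tags.discard(tag)
        self._touch(self.profiles[name])

    def resolve(self, asset_tags):
        # Assumption: the most recently updated profile sharing a tag wins.
        matches = [p for p in self.profiles.values() if p.tags & set(asset_tags)]
        return max(matches, key=lambda p: p.updated).name if matches else DEFAULT

def fallouts(model, assets):
    """Tagged assets that still land on Default: candidates for review."""
    return sorted(a for a, tags in assets.items()
                  if tags and model.resolve(tags) == DEFAULT)

# Constructed sample inventory (asset name -> tags).
ASSETS = {"web-01": {"prod", "linux"}, "db-01": {"prod"}, "kiosk-07": {"lab"}, "spare": set()}
```

Running `fallouts` before and after a planned tag removal shows which assets would silently move to the Default profile's settings.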

View, Edit, or Clone Profile

You can View, Edit, or Clone an existing Anti-malware Profile from the Quick Actions menu. Perform the following steps:

  1. Navigate to the EDR module > Configuration tab.
  2. Hover the mouse over the profile on which you want to perform the View, Edit, or Clone action.
  3. Click the drop-down arrow, select View, Edit, or Clone from the Quick Actions menu, and follow the onscreen wizard to configure your profile.

    Quick Actions menu

Apply Profiles on Assets

You can apply a new or an existing profile to your assets from the Quick Actions menu. Perform the following steps to apply profiles on assets:

  1. Navigate to the EDR module > Configuration tab.
  2. Hover the mouse over the profile you want to apply on Assets.
  3. Click the drop-down arrow, and select Apply Profiles on Assets from the Quick Actions menu.

    Note: If a Tag is not added to the Anti-malware Profile, the Apply Profiles on Assets option is disabled.

    Apply Profile on Assets

  4. You will be directed to the Assets tab. From the Actions menu, select Apply Anti-malware Profile.

    Apply Anti-malware profile option in Quick menu

  5. Once the profile is applied to the asset(s), you are redirected to the Configuration tab.

    A notification is generated once the profile is applied to the Assets.

    Anti-malware notification

Delete a Profile

You can Delete a Profile from the Actions menu.

  1. Navigate to the EDR module > Configuration tab.
  2. Select the checkbox to the left of the Profile Name column.
  3. The Actions button is enabled. Click the drop-down arrow and select Delete Profiles.

    Delete profile option

    A confirmation window is displayed.

    Delete AV profile

  4. Click Yes if you want to delete the profile.

    Note: A Warning window is displayed if you delete a profile with active Assets attached.

    Warning message