McAfee Security for Microsoft Exchange 8.6.0

Configure anti-virus scanner settings

Configure Anti-Virus Scanner settings in a policy to identify, thwart, eliminate computer viruses and other malware.

Task
1 From Policy Manager, select a submenu item that has the anti-virus scanner.
The policy page for the submenu item appears.
2 Click Master policy or any subpolicy you want to configure, then click List All Scanners tab.
3 Click Anti-Virus Scanner.
4 In Activation, select Enable to activate the anti-virus scanner settings for the selected submenu item.
If you are configuring settings for a subpolicy, select Use configuration from parent policy to inherit settings from the parent policy.
If you add a new scanner to the policy, you can specify a time slot when to enable the scanner, using What time would you like this to apply drop-down list.
5 From the Options section, you can use:
Option Definition
High Protection To scan all files, archive files, unknown viruses, unknown macro viruses, mass mailers, potentially unwanted programs, and scan all files for macros.
Medium Protection To scan all files, archive files, unknown viruses, unknown macro viruses, mass mailers, and potentially unwanted programs.
Low Protection To scan only default file types, archive files, mass mailers, and potentially unwanted programs.
<create new set of options> To create your customized anti-virus scanner settings.
Edit To edit the existing level of protection.
6 If you select to edit or modify the scanner settings, in Instance name, type a unique name for the anti-virus scanner setting instance. This field is mandatory.
7 In Basic Options tab under Specify which files to scan, select one of these options:
Scan all files — To specify that all files to scan regardless of their type.
Default file types — To specify that only the default file types to scan.
Defined file types — To specify which file types to scan.
8 Select more scanner options available in Scanner options. You can select:
Scan archive files (ZIP, ARJ, RAR...) Scan all files for macros
Find unknown file viruses Find all macros and treat as infected
Find unknown macro viruses Remove all macros from document files
Enable McAfee Global Threat Intelligence file reputation — This enables the threat intelligence gathered by McAfee Labs that would prevent damage and data theft before a signature update is available. Select the Sensitivity level from the options available.
The Find all macros and treat as infected and Remove all macros from document files options have a combined functionality. When you select Find all macros and treat as infected, the Remove all macros from document files option is selected automatically. When you enable this option, all macros in the attachments are treated as infected.
9 On the Advanced tab under Custom malware categories, specify the items to be treated as malware. There are two ways to select malware types:
Select the malware types from the list of checkboxes.
Select Specific detection names, type a malware category, then click Add.
When typing a malware category name, you can use wildcards for pattern matching.
10 Select the Do not perform custom malware check if the object has already been cleaned option, if the cleaned items must not be subjected to the custom malware check.
11 In Clean options, specify what happens to files that are reduced to zero bytes after being cleaned. Select any one of these options:
Keep zero byte file — To keep files that have been cleaned and is of zero bytes.
Remove zero byte file — To remove any file that has zero bytes after being cleaned.
Treat as a failure to clean — To treat zero-byte files as if they cannot be cleaned, and apply the failure to clean action.
12 In Packers tab, select:
Enable detection — To enable or disable the detection of packers. Add — To add packer names to a list. You can use wildcards to match names.
Exclude specified names — To specify which packers can be excluded from being scanned. Delete — To remove packer names you have added. This link is activated if you click Add.
Include only specified names — To specify which packers you want the software to detect.
13 In PUPs tab, select:
Enable detection — To enable or disable the detection of potentially unwanted programs. Click the disclaimer link and read the disclaimer before configuring potentially unwanted programs detection. Include only specified names — To specify which potentially unwanted programs you want the software to detect. For example, if you enable spyware detection and specify that only named spyware programs should be detected, all other spyware programs are ignored.
Select the program types to detect — To specify whether each type of potentially unwanted programs in the list to be detected or ignored. Add — To add potentially unwanted programs names to a list. You can use wildcards to match names.
Exclude specified names — To specify which potentially unwanted programs can be excluded from being scanned. For example, if you have enabled spyware detection, you can create a list of spyware programs that you want the software to ignore. Delete — To delete potentially unwanted programs names that you have added. This link is activated if you click Add.
The McAfee Threat Intelligence website contains a list of recent malware names. Use Search the Threat Library to view information about specific malware.
14 Click Save to return to the policy page.
15 In Actions to take, click Edit. In these following tabs, specify the anti-virus scanner actions that must be taken if a virus (or virus-like behavior) is detected:
Cleaning — Select Attempt to clean any detected virus or trojan to activate various actions. Select the actions to be taken from:
Log Notify external sender
Quarantine Notify internal recipient
Notify administrator Notify external recipient
Notify internal sender
Default Actions — From Take the following action drop-down list, select an action.
Replace item with an alert Delete message
Delete embedded item Allow through
For more information on the primary and secondary actions, see the Actions you can take on detections section.
16 Select the corresponding alert document or click Create to make a new alert document. From And also, select more actions to be taken for these tabs:
Custom Malware
Packers
PUPs
17 Click Save to apply the settings and return to the policy settings page.
18 Click Apply to configure these settings to a policy.