1 |
From
Policy Manager, select a submenu item that has the anti-virus scanner.
The policy page for the submenu item appears.
|
2 |
Click
Master policy or any subpolicy you want to configure, then click
List All Scanners tab.
|
3 |
Click
Anti-Virus Scanner.
|
4 |
In
Activation, select
Enable to activate the anti-virus scanner settings for the selected submenu item.
|
• | If you are configuring settings for a subpolicy, select
Use configuration from parent policy to inherit settings from the parent policy.
|
• | If you add a new scanner to the policy, you can specify a time slot when to enable the scanner, using
What time would you like this to apply drop-down list.
|
|
|
5 |
From the
Options section, you can use:
Option
|
Definition
|
High Protection
|
To scan all files, archive files, unknown viruses, unknown macro viruses, mass mailers, potentially unwanted programs, and scan all files for macros.
|
Medium Protection
|
To scan all files, archive files, unknown viruses, unknown macro viruses, mass mailers, and potentially unwanted programs.
|
Low Protection
|
To scan only default file types, archive files, mass mailers, and potentially unwanted programs.
|
<create new set of options>
|
To create your customized anti-virus scanner settings.
|
Edit
|
To edit the existing level of protection.
|
|
6 |
If you select to edit or modify the scanner settings, in
Instance name, type a unique name for the anti-virus scanner setting instance. This field is mandatory.
|
7 |
In
Basic Options tab under
Specify which files to scan, select one of these options:
• |
Scan all files — To specify that all files to scan regardless of their type.
|
• |
Default file types — To specify that only the default file types to scan.
|
• |
Defined file types — To specify which file types to scan.
|
|
8 |
Select more scanner options available in
Scanner options. You can select:
• |
Scan archive files (ZIP, ARJ, RAR...)
| • |
Scan all files for macros
|
• |
Find unknown file viruses
| • |
Find all macros and treat as infected
|
• |
Find unknown macro viruses
| • |
Remove all macros from document files
|
• |
Enable McAfee Global Threat Intelligence file reputation — This enables the threat intelligence gathered by McAfee Labs that would prevent damage and data theft before a signature update is available. Select the Sensitivity level from the options available.
|
| The
Find all macros and treat as infected and
Remove all macros from document files options have a combined functionality. When you select
Find all macros and treat as infected, the
Remove all macros from document files option is selected automatically. When you enable this option, all macros in the attachments are treated as infected.
|
|
9 |
On the
Advanced tab under
Custom malware categories, specify the items to be treated as malware. There are two ways to select malware types:
• | Select the malware types from the list of checkboxes.
|
• | Select
Specific detection names, type a malware category, then click
Add.
| When typing a malware category name, you can use wildcards for pattern matching.
|
|
|
10 |
Select the
Do not perform custom malware check if the object has already been cleaned option, if the cleaned items must not be subjected to the custom malware check.
|
11 |
In
Clean options, specify what happens to files that are reduced to zero bytes after being cleaned. Select any one of these options:
• |
Keep zero byte file — To keep files that have been cleaned and is of zero bytes.
|
• |
Remove zero byte file — To remove any file that has zero bytes after being cleaned.
|
• |
Treat as a failure to clean — To treat zero-byte files as if they cannot be cleaned, and apply the failure to clean action.
|
|
12 |
In
Packers tab, select:
• |
Enable detection — To enable or disable the detection of packers.
| • |
Add — To add packer names to a list. You can use wildcards to match names.
|
• |
Exclude specified names — To specify which packers can be excluded from being scanned.
| • |
Delete — To remove packer names you have added. This link is activated if you click
Add.
|
• |
Include only specified names — To specify which packers you want the software to detect.
|
|
13 |
In
PUPs tab, select:
• |
Enable detection — To enable or disable the detection of potentially unwanted programs. Click the disclaimer link and read the disclaimer before configuring potentially unwanted programs detection.
| • |
Include only specified names — To specify which potentially unwanted programs you want the software to detect. For example, if you enable spyware detection and specify that only named spyware programs should be detected, all other spyware programs are ignored.
|
• |
Select the program types to detect — To specify whether each type of potentially unwanted programs in the list to be detected or ignored.
| • |
Add — To add potentially unwanted programs names to a list. You can use wildcards to match names.
|
• |
Exclude specified names — To specify which potentially unwanted programs can be excluded from being scanned. For example, if you have enabled spyware detection, you can create a list of spyware programs that you want the software to ignore.
| • |
Delete — To delete potentially unwanted programs names that you have added. This link is activated if you click
Add.
| The
McAfee Threat Intelligence website contains a list of recent malware names. Use
Search the Threat Library to view information about specific malware.
|
|
|
14 |
Click
Save to return to the policy page.
|
15 |
In
Actions to take, click
Edit. In these following tabs, specify the anti-virus scanner actions that must be taken if a virus (or virus-like behavior) is detected:
• |
Cleaning — Select
Attempt to clean any detected virus or trojan to activate various actions. Select the actions to be taken from:
◦ |
Log
| ◦ |
Notify external sender
|
◦ |
Quarantine
| ◦ |
Notify internal recipient
|
◦ |
Notify administrator
| ◦ |
Notify external recipient
|
◦ |
Notify internal sender
|
|
• |
Default Actions — From
Take the following action drop-down list, select an action.
◦ |
Replace item with an alert
| ◦ |
Delete message
|
◦ |
Delete embedded item
| ◦ |
Allow through
|
|
| For more information on the primary and secondary actions, see the
Actions you can take on detections section.
|
|
16 |
Select the corresponding alert document or click
Create to make a new alert document. From
And also, select more actions to be taken for these tabs:
• |
Custom Malware
|
• |
Packers
|
• |
PUPs
|
|
17 |
Click
Save to apply the settings and return to the policy settings page.
|
18 |
Click
Apply to configure these settings to a policy.
|