Antivirus
This section enables you to configure the general behavior of the signature-based antivirus engine.
Field | Description |
---|---|
File antivirus | Enable or disable the antivirus protection for the file system. |
Mail protection | Enable or disable the antivirus protection for the mail client installed on user computers. Advanced EPDR detects threats received over the POP3 protocol and encrypted variants. |
Web browsing antivirus | Enable or disable the antivirus protection for the web browser installed on user computers. Advanced EPDR detects threats received over the HTTP protocol and encrypted variants. |
When Advanced EPDR detects malware or the Cytomic anti-malware laboratory identifies a suspicious file, Advanced EPDR takes one of these actions:
- Known malware files when disinfection is possible: Replaces the infected file with a clean copy.
- Known malware files when disinfection is not possible: Makes a copy of the infected file and deletes the original file.
AMSI (AntiMalware Scan Interface) technology
The Windows AntiMalware Scan Interface (AMSI) is a versatile interface that allows your applications and services to integrate with any anti-malware product that is present on a computer. AMSI provides enhanced malware protection for your users and their data, applications, and workloads.
For more information, see https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal.
This feature is only available for computers with a Windows operating system installed.
To enable or disable AMSI technology, use the Enable advanced scanning with AMSI toggle.
Exclusions
You can add exclusions for programs that might cause performance issues when you enable advanced scanning with AMSI. In the text box, type the names of the programs and press Enter. For more information about how the console behaves when you edit exclusions for a settings profile managed by a partner, see Exclusions set by a partner.
Threats to detect
Configure the types of threats that Advanced EPDR searches for and removes from the file system, mail client, and web client installed on user computers.
Field | Description |
---|---|
Detect viruses | Detects files that contain patterns classified as dangerous. |
Detect hacking tools and PUPs | Detects unwanted programs (such as programs with intrusive ads and browser toolbars) and tools used by hackers to gain access to your system. |
Enables anti-exploit and heuristic technologies that analyze process behavior locally and detect suspicious activity. | |
Detect phishing | Detects fraudulent emails and websites. |
Do not detect threats at the following addresses and domains | Type IP addresses and domains you want to exclude from phishing scans, separated by commas. This text box is not case-sensitive. Access is allowed to all addresses that start with the specified IP addresses and domains, even if the full URL is longer. |
Create Decoy Files to help detect ransomware | Creates decoy files as bait on computers. These files are permanently monitored by Advanced EPDR. When there is an attempt to modify a decoy file, the security software identifies the process as ransomware and ends the process. |
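Because phishing exclusions match every address that starts with an entry, one entry can cover more hosts than the one typed. The following added example (not part of Advanced EPDR or its documentation) models that rule as worded above so an exclusion list can be reviewed before it is saved. Ignoring the URL scheme, the function names, and the sample addresses are assumptions.

```python
import ipaddress

def parse_exclusions(text):
    """Split the comma-separated text box value; the field is not case-sensitive."""
    return [e.strip().lower() for e in text.split(",") if e.strip()]

def strip_scheme(address):
    # Assumption: the scheme is ignored when comparing; the page does not say.
    address = address.strip().lower()
    return address.split("://", 1)[1] if "://" in address else address

def is_excluded(address, entries):
    """True if the address starts with any entry (the rule as worded on the page)."""
    target = strip_scheme(address)
    return any(target.startswith(strip_scheme(e)) for e in entries)

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def also_covers(entry):
    """Constructed addresses on a different host that a prefix match on entry still covers."""
    entry = strip_scheme(entry)
    if "/" in entry or entry.endswith("."):
        return []  # bounded by a path separator, or written as a deliberate prefix
    if is_ip(entry):
        # Appending digits to the last octet yields other valid addresses.
        candidates = [c for c in (entry + "0", entry + "99") if is_ip(c)]
    else:
        candidates = [entry + ".other.test", entry + "-other.test"]
    return [c for c in candidates if is_excluded(c, [entry])]

if __name__ == "__main__":
    # Constructed sample value for the exclusions text box.
    for item in parse_exclusions("Intranet.Example.test, 192.0.2.1"):
        print(item, "also covers:", also_covers(item))
```

An entry for which `also_covers` returns a non-empty list is worth a second look: the exclusion applies to those addresses as well under the "start with" rule.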
File types
Specify the types of files to be scanned by Advanced EPDR:
Field | Description |
---|---|
Scan compressed files on disk | Decompresses compressed files and scans their contents for malware. |
Scan compressed files in emails | Decompresses email attachments and scans their contents for malware. |
Scan all files regardless of their extension when they are created or modified (Not recommended) | Many types of data files do not pose a threat to the security of computer networks. When you enable this option, the security software scans all files when they are created or modified. For best performance, we recommend that you do not enable this option. |