Views:
To use Anti-Malware, perform these basic steps:

Procedure

  1. Turn on the Anti-Malware module.
  2. Select the types of scans to perform.
  3. Configure scan inclusions.
  4. Configure scan exclusions.
  5. Scan for recommended exclusions on computers.
  6. Ensure that Server & Workload Protection can keep up to date on the latest threats.

What to do next

When you have completed these steps, review Configure malware scans and refine the Anti-Malware scan behavior.
Tip
Tip
For most Anti-Malware settings, you can either configure them for each individual computer or in a policy that applies to multiple computers (for example, to all Windows 2008 Servers). To make management easier, configure the settings in the policy (not individual computers) wherever possible. For more information, see Policies, inheritance, and overrides.
Tip
Tip
CPU usage and RAM usage varies by your Anti-Malware configuration. To optimize Anti-Malware performance on the agent, see Performance tips for Anti-Malware.
For an overview of the Anti-Malware feature, see Protect against malware.

Turn on the Anti-Malware module

Procedure

  1. Go to Policies.
  2. Double-click the policy for which you want to enable Anti-Malware.
  3. Go to Anti-Malware General.
  4. From Anti-Malware State, select On.
  5. Click Save.

Select the types of scans to perform

When Anti-Malware is turned on, Server & Workload Protection needs to know what type of scans it should perform (see Types of malware scans).

Procedure

  1. Go to Policies.
  2. Double-click the policy to configure.
  3. Click Anti-Malware General.
  4. Enable or disable each type of scan: a. To perform the scan using default settings, select Default. b. To perform the scan using a malware scan configuration that you can customize, select a malware scan configuration. c. To disable the scan, for the malware scan configuration select No Configuration.
  5. Click Save.

What to do next

Tip
Tip
Trend Micro recommends that you configure Server & Workload Protection to perform weekly scheduled scans on all protected servers. You can do this using Scheduled Tasks. (See Schedule Server & Workload Protection to perform tasks.)

Configure scan inclusions

To reduce scanning time and minimize the use of computing resources, you can configure malware scans to include only specific folders, files, and file types in all types of scans. You can also include process image files in real-time malware scans that are run on Windows computers. For more information, see Configure malware scan inclusions.
All inclusions are specified by selecting inclusion lists on the Inclusions tab of the Malware Scan Configuration editor. Lists can be either inherited or non-inherited. You can select multiple lists for your inclusions list.
Important
Important
To allow configuring of multiple inclusion lists, you must first select an inclusion list in the malware scan configuration inclusions. Selecting all directories or all files disables adding lists for the inclusion type. For more information, see Configure malware scan inclusions.

Procedure

  1. Go to Policies.
  2. Double-click the policy you want to configure.
  3. Go to Anti-Malware Inclusions.
  4. Select the type of scan type to configure inclusions.
    • Real-time
    • Scheduled
    • Manual
  5. To add all inherited lists, select Use inherited lists.
  6. To add non-inherited lists, select a list from the drop-down and click Add.
  7. To create a new list, select New...
    For details, see Create a list of files for use in policies.
  8. To edit an added list, click the edit icon (edit_icon=e7185c2d-6f93-4c2e-b948-df234b411a9d.png).
  9. To remove a list, click the delete icon (trash_icon=0eda34e9-d4e0-4faa-bfbf-a8c120f1ba1c.png).
  10. Click Save.

Configure scan exclusions

To reduce scanning time and minimize the use of computing resources, you can configure malware scans to exclude specific folders, files, and file types from all types of scans. You can also exclude process image files from real-time malware scans that are run on Windows computers. For more information, see Configure malware scan exclusions.
Tip
Tip
If any performance-related issues are experienced when Server & Workload Protection Anti-Malware protection is enabled, you can use exclusions to help troubleshoot these issues by excluding specific folders or files from scanning.
All exclusions are specified by selecting exclusion lists on the Exclusions tab of the Malware Scan Configuration editor. Lists can be either inherited or non-inherited. You can select multiple lists for your exclusion list.
Important
Important
To allow configuring of multiple exclusion lists, you must first select an exclusion list in the malware scan configuration exclusions. Clearing or disabling an exclusion list disables adding lists for the exclusion type. For more information, see Configure malware scan exclusions.

Procedure

  1. Go to Policies.
  2. Double-click the policy you want to configure.
  3. Go to Anti-Malware Exclusions.
  4. To configure exclusions for Real-time scan, click Real-time.
  5. Configure Recommended Scan settings for Real-time scans.
    Important
    Important
    Recommended Exclusions is not available in all regions.
    Automatically assigning recommended exclusions is an Advanced Server & Workload Protection feature. Applying Advanced Server & Workload Protection allocates credits per endpoint the policy is applied to.
    1. To manage whether agents can use recommendation scan results to dynamically apply exclusions, configure the setting for Automatically assign application-based recommended exclusions.
      • Inherited: Use the parent policy settings.
      • No: Do not automatically assign recommended exclusions.
      • Yes: Automatically assign recommended exclusions.
    2. To manage recommended exclusions manually, click Assign/Unassign in the Assigned Recommended Exclusions list.
    3. Select the applications you want to exclude from real-time scans.
  6. Configure the exclusion lists.
    The following lists can be configured by navigating between Real-Time, Scheduled, and Manual.
    • File List
    • Directory List
    • File Extension List
    • Process Image File List (Real-Time scan only)
  7. To add all inherited lists, select Use inherited lists.
  8. To add non-inherited lists, select a list and click Add.
  9. To create a new list, select New...
    For details, see Create a list of files for use in policies.
  10. To edit an added list, click the edit icon (edit_icon=e7185c2d-6f93-4c2e-b948-df234b411a9d.png).
  11. To remove a list, click the delete icon (trash_icon=0eda34e9-d4e0-4faa-bfbf-a8c120f1ba1c.png).
  12. Click Save.

Scan for recommended exclusions on computers

To discover if any applications Trend Micro recommends for Anti-Malware exclusions are installed on your endpoints, you can scan for recommendations from the Computer editor.

Procedure

  1. Go to Computers and open the computer editor for the endpoint you want to manage.
  2. Go to Anti-MalwareExclusionsReal-time.
  3. Under Recommended Exclusions, click Scan For Recommendations.
    The agent scans the endpoint for any installed application on the Recommended Exclusions list. The process might take up to 10 minutes to complete. You can refresh the screen to check for the results. The Last Scan for Recommendations should update once complete.
  4. After the scan completes, check the number of Detected Applications.
    If the number is 0, the endpoint does not have any recommended applications not already added to the Assigned Recommeneded Exclusions list.
  5. To assign more exclusions, click Assign/Unassign.
  6. Filter the list for Recommended for Assignment.
  7. Select the applications you want to exclude and click OK.
  8. Click Save to save the settings.
  9. To clear the recommendation scan results, click Clear Recommendations.

Ensure that Server & Workload Protection can keep up to date on the latest threats

To remain effective against new viruses and exploits, agents need to be able to download the latest software and component update packages from Trend Micro or indirectly, from your own Relay. These packages contain threat definitions and patterns. Relay-enabled agents, organized into relay groups (also managed and configured by Server & Workload Protection) retrieve component updates from Trend Micro, and then distribute them to other agents and appliances.

Procedure

  1. Go to Administration System Settings Updates.
  2. Configure Server & Workload Protection's ability to retrieve component updates from Trend Micro. Make sure you have at least one relay-enabled agent, and it is assigned to the appropriate agents and appliances. To determine if an agent is a relay, next to a computer, click Preview.
    configure-anti-malware_check-for-relay=5dee4790-f4f6-413b-be85-16966a0487dd.png
  3. Go to Administration Scheduled Tasks.
  4. Verify that there is a scheduled task to regularly download available updates for both component and software updates.