Views:

Configure and manage the Anti-Malware scan settings.

Important
Important
  • Policies, Threat Prevention, and the Anti-Malware module are "Pre-release" features and are not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • These features are not available in all regions.
  • Endpoint Security Policies supports agent version 202507 and later. Assigning policies to older agent versions might cause unwanted behavior or fail. Enabling Anti-Malware on older agent versions might cause scheduled scans to run at UTC+0 rather than agent local time zone.
  • Anti-Malware uses several policy resources for configuring scans and exclusions. Configure the resources before configuring Anti-Malware.
  • Navigating between the security modules or leaving the Policy Settings screen discards any unsaved changes. To avoid losing your work, always click Save before leaving the current screen.
  • The Agent Interface provides additional settings including scan notifications. For more information, see Agent Interface.
Anti-Malware proactively detects and eliminates malware threats by analyzing files, processes, and system activities in real time. Utilizing signature-based detection, heuristic analysis, and machine learning, Anti-Malware identifies known and emerging threats, including viruses, ransomware, spyware, and trojans. Anti-Malware also automatically quarantines, deletes, or remediates threats based on severity, keeping systems protected without manual intervention.

Procedure

  1. To allow Anti-Malware to scan and protect your endpoints, select Enable.
  2. Configure the Monitoring level.
    Monitoring level is the degree of vigilance and strictness applied when detecting and responding to potential threats. Higher monitoring levels provide greater sensitivity but might generate a large number of nonessential logs and impact endpoint performance. Trend Micro recommends setting your monitoring level to 2 - Moderate for more relevant data with minimal impact on your endpoints.
    1. To configure the sensitivity of Anti-malware rules, set the Detection level.
    2. To configure the strictness of response actions, set the Prevention level.
      Important
      Important
      The Prevention level must be equal to or lower than the Detection level.
  3. To allow the agent to actively scan folders and endpoint resources commonly targeted by threats, select Enable real-time scan under Scan settings.
  4. To enable a regular scan of the endpoint, add a schedule to the schedule list.
    Important
    Important
    Anti-malware currently only supports one schedule at a time. If you need to change the schedule, select a new schedule, unlink (UnlinkIcon=cd49c720-c38e-48c3-8f38-f121a08be544.png) the current schedule, then add a new one.
    1. To add a new schedule, click Add schedule.
    2. In the Select schedule window, select the schedule you configured in policy resources to use for Anti-Malware scans.
    3. Click Select.
    4. To remove a schedule, click the Unlink icon (UnlinkIcon=cd49c720-c38e-48c3-8f38-f121a08be544.png).
  5. To exclude certain files and directories from Anti-Malware scans, manage the Scan exclusions.
    Important
    Important
    Anti-malware currently only supports selecting one of each type of list at a time. You can change the list at any time or manage the following lists in Policy Resources:
    You can also specify trusted programs to exclude from all security scans in Exclusions.
    1. To manage your selected exclusion lists, click Manage exclusions.
    2. To exclude a list of file directories, select a Directory list you configured in policy resources.
    3. To exclude a list of files, select a File list you configured in policy resources.
    4. To exclude a list of file extensions, select a File extension list you configured in policy resources.
    5. Click Save.