Views:

Procedure

  1. In the User Activity on Files section, select which file operations trigger scanning from the Scan files being drop-down.
    • created/modified and retrieved: Scans all files created, modified, or opened on the endpoint
    • created/modified: Scans all files created or modified on the endpoint
    • retrieved: Scans all files opened on the endpoint
  2. In the Files to Scan section, select from the following:
    • All scannable files: Includes all scannable files. Unscannable files are password protected files, encrypted files, or files that exceed the user-defined scanning restrictions.
      Note
      Note
      This option provides the maximum security possible. However, scanning every file requires a lot of time and resources and might be redundant in some situations. Therefore, you might want to limit the amount of files the agent includes in the scan.
    • File types scanned by IntelliScan: Scans files based on true-file type.
    • Files with the following extensions (use commas to separate entries): Manually specify the files to scan based on their extensions. Separate multiple entries with commas.
      Note
      Note
      When configuring a parent policy, specify how other users can configure child policies.
      • Inherit from parent: Child policies must use the settings configured in the parent policy
      • Extend from parent: Child policies can append additional settings to the settings inherited from the parent policy
  3. In the Scan Settings section, configure the required settings.
    Setting
    Description
    Scan floppy disks during shutdown
    Scans floppy disks during shutdown
    Scan network drive
    Scans directories physically located on other endpoints, but mapped to the local endpoint
    Scan the boot sector of the USB storage device after plugging in
    Automatically scans only the boot sector of a USB storage device every time the user plugs it in
    Scan all files in removable storage devices after plugging in
    Automatically scans all files on a USB storage device every time the user plugs it in
    Quarantine malware variants detected in memory
    Behavior Monitoring scans the system memory for suspicious processes and Real-time Scan maps the process and scans it for malware threats. If a malware threat exists, Real-time scan quarantines the process and/or file.
    Note
    Note
    Memory scanning works in conjunction with Anti-exploit Protection in Behavior Monitoring to provide enhanced protection against Fileless Attacks.
    For more information, see Configuring Behavior Monitoring Rules and Exceptions.
    Scan compressed files
    Scans the specified number of compression layers within an archived file
    Note
    Note
    Scanning through more layers may detect malware intentionally buried within a compressed archive, however, the scan may affect system performance.
    Scan OLE objects
    Scans the specified number of Object Linking and Embedding (OLE) layers in a file
    Detect exploit code in OLE files: OLE Exploit Detection heuristically identifies malware by checking Microsoft Office files for exploit code.
    Note
    Note
    The specified number of layers is applicable to both the Scan OLE objects and Detect exploit code in OLE files options.
    Enable IntelliTrap
    Detects malicious code, such as bots, in compressed files
    Enable CVE exploit scanning for files downloaded through web and email channels
    Blocks processes that attempt to exploit known vulnerabilities in commercially available products based on the Common Vulnerabilities and Exposures (CVE) system