Views:
  1. In the User Activity on Files section, select which file operations trigger scanning from the Scan files being drop-down.
    • created/modified and retrieved: Scans all files created, modified, or opened on the endpoint

    • created/modified: Scans all files created or modified on the endpoint

    • retrieved: Scans all files opened on the endpoint

  2. In the Files to Scan section, select from the following:
    • All scannable files: Includes all scannable files. Unscannable files are password protected files, encrypted files, or files that exceed the user-defined scanning restrictions.

      Note:

      This option provides the maximum security possible. However, scanning every file requires a lot of time and resources and might be redundant in some situations. Therefore, you might want to limit the amount of files the agent includes in the scan.

    • File types scanned by IntelliScan: Scans files based on true-file type.

    • Files with the following extensions (use commas to separate entries): Manually specify the files to scan based on their extensions. Separate multiple entries with commas.

      Note:

      When configuring a parent policy, specify how other users can configure child policies.

      • Inherit from parent: Child policies must use the settings configured in the parent policy

      • Extend from parent: Child policies can append additional settings to the settings inherited from the parent policy

  3. In the Scan Settings section, configure the required settings.

    Setting

    Description

    Scan floppy disks during shutdown

    Scans floppy disks during shutdown

    Scan network drive

    Scans directories physically located on other endpoints, but mapped to the local endpoint

    Scan the boot sector of the USB storage device after plugging in

    Automatically scans only the boot sector of a USB storage device every time the user plugs it in

    Scan all files in removable storage devices after plugging in

    Automatically scans all files on a USB storage device every time the user plugs it in

    Quarantine malware variants detected in memory

    Behavior Monitoring scans the system memory for suspicious processes and Real-time Scan maps the process and scans it for malware threats. If a malware threat exists, Real-time scan quarantines the process and/or file.

    Note:

    Memory scanning works in conjunction with Anti-exploit Protection in Behavior Monitoring to provide enhanced protection against Fileless Attacks.

    For more information, see Configuring Behavior Monitoring Rules and Exceptions.

    Scan compressed files

    Scans the specified number of compression layers within an archived file

    Note:

    Scanning through more layers may detect malware intentionally buried within a compressed archive, however, the scan may affect system performance.

    Scan OLE objects

    Scans the specified number of Object Linking and Embedding (OLE) layers in a file

    Detect exploit code in OLE files: OLE Exploit Detection heuristically identifies malware by checking Microsoft Office files for exploit code.

    Note:

    The specified number of layers is applicable to both the Scan OLE objects and Detect exploit code in OLE files options.

    Enable IntelliTrap

    Detects malicious code, such as bots, in compressed files

    Enable CVE exploit scanning for files downloaded through web and email channels

    Blocks processes that attempt to exploit known vulnerabilities in commercially available products based on the Common Vulnerabilities and Exposures (CVE) system