-
In the User Activity on Files section, select
which file operations trigger scanning from the Scan files being
drop-down.
-
created/modified and retrieved: Scans all files created, modified, or opened on the endpoint
-
created/modified: Scans all files created or modified on the endpoint
-
retrieved: Scans all files opened on the endpoint
-
-
In the Files to Scan section,
select from the following:
-
All scannable files: Includes all scannable files. Unscannable files are password protected files, encrypted files, or files that exceed the user-defined scanning restrictions.
Note:This option provides the maximum security possible. However, scanning every file requires a lot of time and resources and might be redundant in some situations. Therefore, you might want to limit the amount of files the agent includes in the scan.
-
File types scanned by IntelliScan: Scans files based on true-file type.
-
Files with the following extensions (use commas to separate entries): Manually specify the files to scan based on their extensions. Separate multiple entries with commas.
Note:When configuring a parent policy, specify how other users can configure child policies.
-
Inherit from parent: Child policies must use the settings configured in the parent policy
-
Extend from parent: Child policies can append additional settings to the settings inherited from the parent policy
-
-
-
In the Scan Settings section,
configure the required settings.
Setting
Description
Scan floppy disks during shutdown
Scans floppy disks during shutdown
Scan network drive
Scans directories physically located on other endpoints, but mapped to the local endpoint
Scan the boot sector of the USB storage device after plugging in
Automatically scans only the boot sector of a USB storage device every time the user plugs it in
Scan all files in removable storage devices after plugging in
Automatically scans all files on a USB storage device every time the user plugs it in
Quarantine malware variants detected in memory
Behavior Monitoring scans the system memory for suspicious processes and Real-time Scan maps the process and scans it for malware threats. If a malware threat exists, Real-time scan quarantines the process and/or file.
Note:Memory scanning works in conjunction with Anti-exploit Protection in Behavior Monitoring to provide enhanced protection against Fileless Attacks.
For more information, see Configuring Behavior Monitoring Rules and Exceptions.
Scan compressed files
Scans the specified number of compression layers within an archived file
Note:Scanning through more layers may detect malware intentionally buried within a compressed archive, however, the scan may affect system performance.
Scan OLE objects
Scans the specified number of Object Linking and Embedding (OLE) layers in a file
Detect exploit code in OLE files: OLE Exploit Detection heuristically identifies malware by checking Microsoft Office files for exploit code.
Note:The specified number of layers is applicable to both the Scan OLE objects and Detect exploit code in OLE files options.
Enable IntelliTrap
Detects malicious code, such as bots, in compressed files
Enable CVE exploit scanning for files downloaded through web and email channels
Blocks processes that attempt to exploit known vulnerabilities in commercially available products based on the Common Vulnerabilities and Exposures (CVE) system
Views: