To use Anti-Malware, perform these basic steps:
Procedure
What to do next
When you have completed these steps, review Configure malware scans and refine the Anti-Malware scan behavior.
TipFor most Anti-Malware settings, you can either configure them for each individual
computer or in a policy that applies to multiple computers (for example, to all Windows
2008 Servers). To make management easier, configure the settings in the policy (not
individual computers) wherever possible. For more information, see Policies, inheritance, and overrides.
|
TipCPU usage and RAM usage varies by your Anti-Malware configuration. To optimize Anti-Malware
performance on the agent, see Performance tips for Anti-Malware.
|
For an overview of the Anti-Malware feature, see Protect against malware.
Turn on the Anti-Malware module
Procedure
- Go to Policies.
- Double-click the policy for which you want to enable Anti-Malware.
- Go to .
- From Anti-Malware State, select On.
- Click Save.
Select the types of scans to perform
When Anti-Malware is turned on, Server & Workload Protection needs to know what
type of scans it should perform (see Types of malware scans).
Procedure
- Go to Policies.
- Double-click the policy to configure.
- Click .
- Enable or disable each type of scan: a. To perform the scan using default settings, select Default. b. To perform the scan using a malware scan configuration that you can customize, select a malware scan configuration. c. To disable the scan, for the malware scan configuration select No Configuration.
- Click Save.
What to do next
TipTrend Micro recommends that you configure Server & Workload Protection to perform
weekly scheduled scans on all protected servers. You can do this using
Scheduled Tasks. (See Schedule
Server & Workload Protection to perform
tasks.)
|
Configure scan inclusions
To reduce scanning time and minimize the use of computing resources, you can configure
Workload
Security malware scans to include only specific folders, files, and file types
in all types of scans. You can also include process image files in real-time
malware scans that are run on Windows computers. For more information, see Specify the files to scan.
All inclusions are specified by selecting inclusion lists on the Inclusions tab of the Malware Scan Configuration editor. Lists can be either inherited or non-inherited.
You can select multiple lists for your inclusions list.
Procedure
- Go to Policies.
- Double-click the policy for which you want to enable Anti-Malware.
- Go to .
- Select the type of scan to which you want to add the inclusions: - Real-time - Scheduled - Manual
- To add all of the inherited lists, select Use inherit list.
- To add non-inherited lists, select the lists from the drop-down and select Add. - To create a new list, select New. For details, see Create a list of files for use in policies. - To delete a non-inherited list, select its garbage can icon. To remove inherited lists, you must deselect Use inherited lists.
- Select Save.
Configure scan exclusions
To reduce scanning time and minimize the use of computing resources, you can configure
Workload
Security malware scans to exclude specific folders, files, and file types from
all types of scans. You can also exclude process image files from real-time
malware scans that are run on Windows computers. For more information, see Specify the files to scan.
TipIf any performance-related issues are experienced when Server & Workload Protection Anti-Malware protection is enabled, you can use exclusions to help
troubleshoot these issues by excluding specific folders or files from
scanning.
|
All exclusions are specified by selecting exclusion lists on the Exclusions tab of the Malware Scan Configuration editor. Lists can be be either inherited or
non-inherited. You can select multiple lists for your exclusion list.
Procedure
- Go to Policies.
- Double-click the policy for which you want to enable Anti-Malware.
- Go to .
- Select the type of scan to which you want to add the exclusions: - Real-time - Scheduled - Manual
- To add all of the inherited lists, select Use inherited lists
- To add non-inherited lists, select the lists from the drop-down and select Add. - To create a new list, select New. For details, see Create a list of files for use in policies. - To delete a non-inherited list, select its garbage can icon. To remove inherited lists, you must deselect Use inherited lists.
- Select Save.
Ensure that Server & Workload Protection can keep up to date on the latest threats
To remain effective against new viruses and exploits, agents need to be able to download
the
latest software and security update packages from Trend Micro or indirectly,
from your own Relay. These packages contain threat definitions and patterns.
Relay-enabled agents, organized into relay groups (also managed and configured
by Server & Workload Protection) retrieve security updates from
Trend Micro, and then distribute them to other agents and appliances.
Procedure
- Go to
- Configure Server & Workload Protection's ability to retrieve security updates
from Trend Micro. Make sure you have at least one relay-enabled agent, and
it is assigned to the appropriate agents and appliances. To determine if an
agent is a relay, next to a computer, click Preview.
- Go to .
- Verify that there is a scheduled task to regularly download available updates for
both security and software updates.