Security Settings

  1. Go to Agents > Global Agent Settings.
  2. Click the Security Settings tab.
  3. Configure settings as required.

    Section

    Settings

    Scan Settings (general)

    • Exclude the Apex One server database folder from Real-time Scan: Prevents the Security Agent installed on the Apex One server from scanning the Apex One server database

    • Exclude Microsoft Exchange server folders and files from scans: Prevents the Security Agent installed on the Microsoft Exchange server from scanning the following Exchange server folders:

      • The following folders in \Exchsrvr\Mailroot\vsi 1: Queue, PickUp, and BadMail

      • .\Exchsrvr\mdbdata, including these files: priv1.stm, priv1.edb, pub1.stm, and pub1.edb

      • .\Exchsrvr\Storage Group

      For Microsoft Exchange 2007 or later folders, you need to manually add the folders to the scan exclusion list. For scan exclusion details, see the following website:

      http://technet.microsoft.com/en-us/library/bb332342.aspx

    • Enable deferred scanning on file operations: Allows users to copy files and then scans the files after the copy process completes to improve the performance of the copy and scan processes

      Important:

      Deferred scanning requires that the Virus Scan Engine (VSAPI) be version 9.713 or later.

    • Enable Early Launch Anti-Malware protection on endpoints: Allows the Security Agent to load and start scanning before other third-party software drivers during startup (only supported on Windows 8, Windows Server 2012, or later versions)

      Note:

      After scanning all third-party software drivers, the Security Agent reports the driver classification information to the system kernel. Administrators can define actions based on the driver classifications in Group Policy in Windows and view scan results using Event Viewer on endpoints.

    Scan Settings for Large Compressed Files

    In the Real-time Scan and Manual Scan/Scheduled Scan/Scan Now sections, configure the following settings:

    • Do not scan files if the compressed file size exceeds XX MB: Enables the Security Agent to check the sizes of individual files within a compressed archive and skip scanning any file whose individual size exceeds the configured threshold

    • In a compressed file, scan only the first XX files: Prevents the Security Agent from scanning all files in archives that contain more files than the configured threshold

    Virus/Malware Scan Settings Only

    Clean/Delete infected files within compressed files: The Security Agent attempts to perform the "Clean" or "Delete" action on compressed files within certain archive types that contain malware threats

    Note:

    The Security Agent only attempts to "Clean" or "Delete" malware threats within compressed archives if you have configured the "Clean" or "Delete" action for the type of malware detected.

    Spyware/Grayware Scan Settings Only

    • Enable assessment mode: The Security Agent logs all spyware/grayware detections until the configured date and takes the following action depending on scan type:

      • Pass: During Manual Scan, Scan Now, and Scheduled Scan, the Security Agent only logs the detection

      • Deny Access: During Real-time Scan, the Security Agent prevents the spyware/grayware from executing and logs the detection

      Note:

      Assessment mode overrides any user-configured scan action. For example, even if you choose "Clean" as the scan action during Manual Scan, "Pass" remains as the scan action when the Security Agent is in assessment mode.

    • Scan for cookies: The Security Agent scans all cookies for spyware/grayware

      • Count cookie into spyware log: The Security Agent creates logs for cookies detected as spyware/grayware

    Scheduled Scan Settings

    • Remind users of the Scheduled Scan XX minutes before it runs: Displays a notification message on the endpoint before Scheduled Scan begins

      Note:

      You can disable the notification message on the Other Settings tab of the Privileges and Other Settings screen.

    • Postpone Scheduled Scan for up to XX hour(s) and XX minute(s): Sets the maximum amount of time for which users with the Postpone Scheduled Scan privilege can delay or pause a Scheduled Scan

      Note:

      You can grant the Postpone Scheduled Scan privilege on the Privileges tab of the Privileges and Other Settings screen.

    • Automatically stop Scheduled Scan when scanning lasts more than XX hour(s) and XX minute(s): Stops a long Scheduled Scan after reaching the configured time duration

    • Skip Scheduled Scan when a wireless endpoint's battery life is less than XX% and its AC adapter is unplugged: Prevents the Security Agent from starting a Scheduled Scan if the battery life is low

    Resume Scheduled Scan

    • Resume an interrupted Scheduled Scan: Resumes a Scheduled Scan at the specified time if the user interrupted the scan by turning off the endpoint

    • Resume a missed Scheduled Scan: Starts a Scheduled Scan at the specified time if the endpoint was not running when the Scheduled Scan should have started

    Firewall Settings

    • Send firewall logs to the server every: Sets how often Security Agents that have the "Allow Security Agents to send firewall logs to the Apex One server" privilege send firewall logs to the server

      Note:

      You can grant the Allow Security Agents to send firewall logs to the Apex One server privilege on the Privileges tab of the Privileges and Other Settings screen.

    • Update the Apex One firewall driver only after a system restart: Prevents the Security Agent from attempting to update the Common Firewall Driver during normal operations

    • Send firewall log count information to the Apex One server hourly to determine the possibility of a firewall outbreak: Enables the Security Agent to send firewall detection counts to the Apex One server hourly

    Suspicious Connection Settings

    Edit User-defined IP List: Administrators can configure the Security Agent to allow, block, or log all connections between agents and user-defined C&C IP addresses

    For more information, see Configuring Global User-defined IP List Settings.

    Behavior Monitoring Settings

    Automatically take action if the user does not respond within: XX second(s): Sets the maximum amount of time that users have before Behavior Monitoring allows a program to execute

    Note:

    You must enable Event Monitoring and set the action for the particular event to Ask when necessary before the Security Agent displays the prompt.

  4. Click Save.
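
The two thresholds under "Scan Settings for Large Compressed Files" decide which archive members are never inspected. The following sketch is an added example, not Trend Micro code. It models both limits over a ZIP archive and lists the members that would fall outside scan coverage, so you can judge candidate values against archives typical of your environment. Assumptions: "size" is the uncompressed size recorded in the ZIP directory, "first XX files" follows directory order, and the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

MB = 1024 * 1024


def audit_archive(data, max_member_mb, max_members):
    """Return (name, reason) for each member the modelled limits leave unscanned.

    Assumptions (not taken from the product documentation): size means the
    uncompressed size recorded in the ZIP directory, and "first N files"
    means the first N file entries in central-directory order.
    """
    unscanned = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Directory entries are not files and do not count toward the limit.
        files = [info for info in zf.infolist() if not info.is_dir()]
        for position, info in enumerate(files, start=1):
            if position > max_members:
                unscanned.append((info.filename, "beyond file-count limit"))
            elif info.file_size > max_member_mb * MB:
                unscanned.append((info.filename, "exceeds size limit"))
    return unscanned


def build_sample_zip():
    """Constructed sample archive: four small members and one 2 MB member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("big.bin", b"\0" * (2 * MB))
        zf.writestr("a.txt", b"a")
        zf.writestr("b.txt", b"b")
        zf.writestr("c.txt", b"c")
    return buf.getvalue()


if __name__ == "__main__":
    # Model a 1 MB per-file limit and a 3-file limit against the sample.
    gaps = audit_archive(build_sample_zip(), max_member_mb=1, max_members=3)
    for name, reason in gaps:
        print(f"{name}: {reason}")
```

Members reported here are candidates for a follow-up Manual Scan with higher limits, or for extraction and scanning outside the archive.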