Configuring antimalware capabilities in a policy

Configure the following Antimalware capabilities in the policy:
Antimalware capabilities (each capability is followed by its description)

Detection Level
Symantec Protection Engine 8.0: The Detection Level defines how sensitive the Insight feature is to a file's reputation score. The higher the aggression level, the more files are detected as threats. However, false positives are possible.
Symantec Protection Engine 8.1 and later: Select the detection level for threat detection technologies. The higher the detection level, the more files are detected as threats. However, false positives are possible.
The scanning aggression levels are:
  • Known Bad
  • Low
  • Medium
  • High
In Symantec Protection Engine 8.0, Known Bad is treated as Low.

Monitoring Level
Symantec Protection Engine 8.2 and later: Select the monitoring level to report suspicious detections. The higher the monitoring level, the more suspicious activities are reported.
Make sure that you configure the Monitoring Level higher than or equal to the Detection Level.

File Insight
Symantec Insight is a file-based detection technology that classifies files as good or bad. Files are classified by examining the file properties, usage patterns, or users of a given file rather than by scanning it. Insight-based security puts files in context, using their age, frequency, location, and more to expose threats that are otherwise missed.

Mobile Insight
Symantec Protection Engine lets you classify untrusted APK files by using the Mobile Insight feature. Mobile Insight uses Symantec's mobile intelligence framework, which leverages data from a number of sources.

Active Content
Symantec Protection Engine 8.2 and later: Enable active content filtering in Symantec Protection Engine.

File Scan Action
The following actions can be taken for every file through this policy:
  • Scan
    Set the policy to scan the files for detecting malware.
  • Repair-Delete
    Set the policy to repair or delete a file.
    Symantec Protection Engine 8.1 and later versions do not support file repair.

Deleted File Notification Text
Customize a message to notify users when an infected file is deleted.

Access Denied Message
Customize a message to notify users when access to an infected file is denied.

Infected File Notification Text
Customize a message to notify users when an infected file is detected.

Total Threat Found Notification Text
Customize a message to notify users of the total number of threats found in a message.

To configure the antimalware capabilities in a policy
  1. In the centralized console, navigate to the Policy > Storage Policies page.
  2. Click the + icon in the top-right corner of the page.
  3. Configure the Detection Level for the antimalware policy.
     The higher the detection level, the more files are detected as threats.
  4. Select the Monitoring Level for the antimalware policy.
     The higher the monitoring level, the more suspicious activities are reported.
  5. Select Enable for File Insight if you want to classify files as good or bad based on their usage patterns.
  6. Select Enable for Mobile Insight if you want to classify untrusted APK files.
  7. Select Enable for Active Content if you want to filter the active content from the documents.
  8. Select one of the following scan actions:
    • Scan: Scan the file for threats. Deny access to the infected file, but do nothing to the infected file.
    • Repair-Delete: Scan the file for threats. Try to repair the infected file, and delete any unrepairable file from archive files.
      Symantec Protection Engine 8.1 and later versions do not support file repair.
  9. In the Deleted File Notification Text field, configure the message to notify users when an infected file is deleted.
  10. In the Access Denied Message field, configure the message to notify users when access to an infected file is denied.
  11. In the Infected File Notification Text field, configure the message to notify users when an infected file is detected.
  12. In the Total Threat Found Notification Text field, configure the message to notify users of the total number of threats found in a message.