Configuring antimalware capabilities in a policy
Configure the following Antimalware capabilities in the policy:
Capability | Description |
|---|---|
Detection Level | Symantec Protection Engine 8.0: The Detection Level defines how sensitive the Insight feature is to a file's reputation score. Higher the aggression level, more are the number of files that are detected as threats. However, there is a possibility of false positives. Symantec Protection Engine 8.1 and later: Select the detection level for threat detection technologies. Higher the detection level, more are the number of files that are detected as threats. However, there is a possibility of false positives. Following are the scanning aggression levels:
In Symantec Protection Engine 8.0, Known Bad is considered as Low. |
Monitoring Level | Symantec Protection Engine 8.2 and later: Select the monitoring level to report suspicious detections. Higher the monitoring level, more are the number of suspicious activities reported. Make sure you configure the Monitoring Level higher than or equal to the Detection Level. |
File Insight | Symantec Insight is a file-based detection technology that classifies files as good or bad. The files are classified by examining the file properties, usage patterns, or users of a given file rather than scanning it. Insight-based security puts files in context, using their age, frequency, location, and more to expose the threats that are otherwise missed. |
Mobile Insight | Symantec Protection Engine lets you classify untrusted APK files by using Mobile Insight feature. Mobile Insight uses the Symantec’s mobile intelligence framework that leverages the data from a number of sources. |
Active Content | Symantec Protection Engine 8.2 and later: Enable active content filtering in Symantec Protection Engine. |
File Scan Action | The following actions can be taken for every file through this policy:
|
Deleted File Notification Text | Customize a message to notify the users when an infected file is deleted. |
Access Denied Message | Customize a message to notify the users when an access to the infected file is denied. |
Infected File Notification Text | Customize a message to notify the users when an infected file is detected. |
Total Threat Found Notification Text | Customize a message to notify the users for total number of threats found in a message. |
- To configure the antimalware capabilities in a policy
- In the centralized console, navigate to thePolicy > Storage Policiespage.
- Click the + icon on the top right corner of the page.
- Configure theDetection Levelfor the anti-malware policy.Higher the detection level, more are the number of files that are detected as threats.
- Select theMonitoring Levelfor the anti-malware policy.Higher the monitoring level, more are the number of suspicious activities reported.
- SelectEnableforFile Insightif you want to classify files based as good or bad based on their usage patterns.
- SelectEnableto enableMobile Insightif you want to classify untrusted APK files.
- SelectEnableforActive Contentif you want to filter the active content from the documents.
- Select one of the following scan actions:
- Scan: Scan the file for threats. Deny access to the infected file, but do nothing to the infected file.
- Repair-Delete: Scan the file for threats. Try to repair the infected file, and delete any unrepairable file from archive files.Symantec Protection Engine 8.1 and later versions do not support file repair.
- In theDeleted File Notification Textfield, configure the message to notify the users when an infected file is deleted.
- In theAccess Denied Messagefield, configure the message to notify the users when an access to the infected file is denied.
- In theInfected File Notification Textfield, configure the message to notify the users when an infected file is detected.
- In theTotal Threat Found Notification Textfield, configure the message to notify the users for total number of threats found in a message.