
Understanding Endpoint Manager Antivirus Section

Release Time
10/30/2017
Category
Security Sub-System

I) Capabilities in Security Sub-systems - Antivirus:

The Antivirus engine automatically detects and eliminates viruses and other malware. CCS users can now use features such as on-demand and scheduled scans.

The user can also add exclusion rules and run scans on specific locations of the device, which can be configured in the Endpoint Manager profiles section.

 

Configuring Antivirus settings in Endpoint Manager:

You can configure the antivirus settings in the profile section. This wiki topic explains how to do it:

https://wiki.itarian.com/frontend/web/topic/how-to-configure-antivirus-settings-on-windows-profiles

Configuring antivirus in Endpoint Manager is helpful because changes made to the settings are reflected on the endpoint devices.

Configuring Antivirus Exclusion settings:

In the exclusion settings, a file added to the exclusion categories will not be scanned in the future. This wiki topic explains the exclusion settings:

https://wiki.itarian.com/frontend/web/topic/how-to-define-exclusions-for-files-and-folders

Comodo Client Security (CCS) monitors all new executables on the devices enrolled in Endpoint Manager.

Refer to this wiki topic for how to install Comodo Client Security (CCS):

https://wiki.itarian.com/frontend/web/topic/how-to-install-additional-comodo-packages

Before a file is scanned, the antivirus signature database should be up to date. If it is not, the signatures are updated first and then the scan is performed.

The action module in CCS provides different options. If needed, the user can perform actions such as clean, ignore once, trusted and add to exclusion.

1) Click ‘Security sub-systems’ → ‘Antivirus’ to open the Antivirus interface. The ‘Device list’ displays the devices along with their last scan details, infection status and antivirus database update state.

2) SCAN: Defines the section of the device to be scanned. The available options depend on the type of device selected.

After the scan completes, all malware files it found are displayed in Endpoint Manager.

a) Quick scan: Critical areas of the device are scanned.

b) Full scan: A complete scan is performed on the device.

c) File rating quick scan: The trust rating of the file is determined by running a cloud-based assessment on it.

d) SD card scan: It is done only for Android devices.

3) Protective Action: Applies when the malware status column displays 'infected' or 'virus found'. It is used to ignore, delete or quarantine the malware.

If the malware is quarantined, it is sent to the 'Windows Quarantine' section.

4) Stop scan: The ‘Stop Scan’ button will terminate all types of scan running on an endpoint, including scheduled scans and local scans started by the end-user.

5) Current Malware List:

The following steps are needed in order to see endpoint malware files in the current malware list interface. This list is updated automatically after every scan.

  1. Create a Windows profile in Endpoint Manager, then choose the Antivirus setting on the profile and click OK. Choose the block threat option in the antivirus alert while in disabled mode.

  2. Enable the antivirus field and click Save.

  3. Execute the malware file on the endpoint. It will take some time for the change to be reflected in the current malware list.

The malware files on the devices can be managed from this interface using options such as delete, ignore and quarantine.

If a file is quarantined from the list, it is moved to the 'Windows Quarantine' interface.

6) Windows Quarantine / OS X Quarantine / Linux Quarantine:

It lists all items quarantined by CCS on an enrolled endpoint.

Files quarantined through the protective action and the current malware list are moved to this interface.

  1. Delete file from the device: The admin can delete the quarantined file from the device and from the list.

  2. Restore file on the device: If the file is a false positive, it is restored to its original location and removed from the list.

7) Threat History:

  1. It shows the log of all malicious items found on Android, Windows and Mac OS devices.

  2. It shows the items that have been removed from the devices and those that are still present.

8) Clean History: The file list can be cleared using this option.