Understanding ITSM Antivirus

Release Time
11/02/2017
Category
Security Sub-System

I) ITSM ‘Antivirus’ Interface:

The Antivirus engine automatically detects and eliminates viruses and other malware. CCS users can now use features such as on-demand and scheduled scans.

The user can also add exclusion rules and run scans on specific locations of the device; these can be configured in the ITSM profiles section.

 

Antivirus flow:

Configuring Antivirus settings in ITSM:

You can configure the antivirus settings in the profile section. This wiki topic explains how to do so:

https://wiki.comodo.com/frontend/web/topic/how-to-configure-antivirus-settings-on-windows-profiles

Configuring antivirus in ITSM is helpful because changes made to the settings are applied to the endpoint devices.

Configuring Antivirus Exclusion settings:

If a file is added to one of the exclusion categories in the exclusion settings, it will not be scanned in the future. This wiki topic explains the exclusion settings:

https://wiki.comodo.com/frontend/web/topic/how-to-define-exclusions-for-files-and-folders

 

Comodo Client Security (CCS) monitors all new executables on the devices enrolled in ITSM.

Refer to this wiki topic for how to install Comodo Client Security (CCS):

https://wiki.comodo.com/frontend/web/topic/how-to-install-additional-comodo-packages

Before a file is scanned, the antivirus signature database should be up to date. If it is not, the signatures are updated first and then the scan is performed.

The action module in CCS provides different options. If needed, the user can perform actions such as clean, ignore once, trusted and add to exclusion.

 

1) Click ‘Security sub-systems’ → ‘Antivirus’ to open the Antivirus interface. The ‘Device list’ displays the devices along with their last scan details, infection status and antivirus database update state.

2) SCAN: Defines the section of the device to be scanned. The available options depend on the type of device selected.

After the scan completes, all malware files found are displayed in ITSM.

a) Quick scan: Critical areas of the device are scanned.

b) Full scan: A complete scan is performed on the device.

c) File rating quick scan: The trust rating of the file is determined by running a cloud-based assessment on it.

d) SD card scan: It is done only for Android devices.

 

3) Protective Action: If the malware status column displays 'infected' or 'virus found', this option is used to ignore, delete or quarantine the malware.

If the malware is quarantined, it is sent to the Windows quarantine section.

4) Current Malware List:

The following steps are required in order to see endpoint malware files in the Current Malware List interface. The list is auto-updated after every scan.

  1. Create a Windows profile in ITSM, choose the Antivirus setting on the profile and click OK. Choose the block threat option in the antivirus alert while in disabled mode.

  2. Enable the antivirus field and click Save.

  3. Execute the malware file on the endpoint. It will take some time for the changes to be reflected in the current malware list.

The malware files on the devices can be managed from this interface with options such as delete, ignore and quarantine.

 

If a file is quarantined from the list, it is moved to the 'Windows Quarantine' interface.

 

5) Windows Quarantine / OS X Quarantine:

It lists all items quarantined by CCS on an enrolled endpoint.

Files quarantined through the protective action and the current malware list are moved to this interface.

  1. Delete file from the device: The admin can delete the quarantined file from the device and from the list.

  2. Restore file on device: If the file is a false positive, it is restored to its original location and removed from the list.

6) Threat History:

  1. It shows the log of all malicious items found on Android, Windows and Mac OS devices.

  2. It shows the items that have been removed from the devices and those that are still present.

7) Clean History: The file list can be cleared using this option.