Define Profile

The Define Profile page manages security profiles. Each security profile represents a different set of of enabled or disabled security options. Changes to a security profile affect all machine IDs assigned that security profile. A security profile is assigned to machine IDs using Security > Assign Profile. Typically different types of machines or networks require different security profiles.

The page provides you with four actions

Save - Saves changes to a security profile.
Save As - Creates a new security profile by saving it using a different name.
Delete - Deletes an existing security profile.
Share - Shares a private security profile. Other administrators, except for master administrators, cannot see private security profiles. Sharing a private security profile makes it a public security profile.
Take Ownership - Take ownership of any public security profile.

To Define or Maintain a Security Profile

Select a security profile from the Select Profile drop down list.
Set options on security profile tabs:
- General
- File Protection
- Mail Protection
- Full Scan
- Exclude Dirs
Click the Save or Save As button to save the security profile.

General

Keep files in quarantine for this many days before deleting - Enter the number of days to store quarantined threats before they are automatically deleted.

Minimum MB To preserve on disk - Enter the minimum number of megabytes to allocate on the disk to the storage of quarantined threats.

Maximum per

centage of disk used - Enter the maximum percentage of disk space to allocate for the storage of quarantined threats.

Allow user to enable/disable Security Protection in agent task menu - If checked:

Enable Security and Cancel Scan options display in the agent task menu of the managed machine.
The user can click the Enable Security option on the agent menu to turn security protection on or off.
The user can click the Cancel Scan option on the agent menu to cancel an ongoing security protection scan.
Note: The administrator can also enable/disable security protection remotely using Security > Enable/Disable.

Scan System Areas on Startup - If checked, security protection scans the following system areas on startup:

Boot sector of disk
Master boot record in the partition table
System registry
System32 files: kernel32.dll, wsock32.dll, user32.dll, shell32.dll, ntoskrnl.exe
System32\Drivers

File Protection

File protection is a memory resident feature. Files are scanned for viruses as they are copied, opened or saved on the managed machine.

Enable File Protection - If check, the following types of files are scanned as they are copied, opened or saved.

386; ASP; BAT; BIN; BMP; BOO; CHM; CLA; CLAS*; CMD; CNM; COM; CPL; DEV; DLL; DO*; DRV; EML; EXE; GIF; HLP; HT*; INI; JPEG*; JPG; JS*; LNK; MD*; MSG; NWS; OCX; OV*; PCX; PGM; PHP*; PIF; PL*; PNG; POT; PP*; SCR; SHS; SMM; SYS; TIF; VBE; VBS; VBX; VXD; WMF; XL*; XML; ZL*;

Scan all files - If selected, all files on the managed machine are scanned.

Scan programs and documents (by extension) - If selected, specifies the file extensions of programs and documents to include or exclude.

Exclude files with these extensions - Specifies the file extensions of programs and documents to exclude from a scan. Excluded extensions have precedence over included extensions. Enter each extension separated by a semi-colon (;) character.

Always scan files with the following extensions - Specifies the file extensions of programs and documents to include in a scan. Enter each extension separated by a semi-colon (;) character.

Also scan files without an extension - If checked, the scan includes files without an extension.

Scan floppy drives - If checked, the scan includes floppy drives.

Use Heuristic Analysis - If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Scan on close of files - If checked, files are scanned as they are closed.

Scan potentially unwanted programs - If checked, the scan detects executable applications or DLL libraries that could be potentially unwanted programs. Some programs, especially free ones, include adware and may be detected and reported by Kaseya Endpoint Security as a Potentially Unwanted Program.

Scan cookies - If checked, the scan includes internet browser cookies.

Once detected an infected file can be moved or deleted, but it cannot be opened, saved or copied. Use the following list to determine how to set the Disinfect and Delete checkboxes:

Disinfect Yes / Delete Yes - An attempt is made to clean the original file. If cleaning fails, the original file is deleted. The file is not quarantined.
Disinfect Yes / Delete No - An attempt is made to clean the original file. If cleaning fails the original file is moved to quarantine and the original file displays in the Security > View Threats page. If the original file is deleted using the View Threats page, both the quarantined copy and the original file are deleted.
Disinfect No / Delete Yes - No attempt is made to clean the original file. The original file is deleted without putting a copy of the original file in quarantine.
Disinfect No / Delete No - No attempt is made to clean or delete the file. The original file displays in the Security > View Threats page as infected.

Mail Protection

Enable Mail Protection - If checked, inbound and outbound email and attachments are scanned for viruses.

Check Incoming Mail - If checked, incoming email is scanned.

Certification: Some email clients support appending text to email messages certifying that the email has been scanned for viruses.

Do Not Certify - If selected, incoming email is not certified.

Certify all mail - If selected, all incoming email is certified.

Certify mail with attachments only - If selected, only incoming email with attachments are certified.

Check Outgoing Mail - If checked, outgoing email is scanned.

Do Not Certify - If selected, outgoing email is not certified.

Certify all mail - If selected, all outgoing email is certified.

Certify mail with attachments only - If selected, only outgoing email with attachments are certified.

Enable Anti-Spyware engine - If checked, email scanning includes scanning for spyware, adware, and potentially unwanted programs.

Scan Inside Archives - If checked, email archives are scanned.

Automatically move password-protected archives to quarantine - Automatically quarantines password-protected archives. Password-protected archives may contain virus/spyware/malware threats. You can recover password-protected archives using the Security > View Threats page.

Remove all attached executable files - If checked, executables files, whether infected or not, are removed from email.

Remove all attached documents - If checked, attachments, whether infected or not, are removed from email.

Remove files with these extensions - Enter the extensions of files that should be automatically removed from email. Enter each extension separated by a semi-colon (;) character.

Note: The term file in the following discussion refers to an individual email message.

Once detected an infected file can be moved or deleted, but it cannot be opened, saved or copied. Use the following list to determine how to set the Disinfect and Delete checkboxes:

Disinfect Yes / Delete Yes - An attempt is made to clean the original file. If cleaning fails, the original file is deleted. The file is not quarantined.
Disinfect Yes / Delete No - An attempt is made to clean the original file. If cleaning fails the original file is moved to quarantine and the original file displays in the Security > View Threats page. If the original file is deleted using the View Threats page, both the quarantined copy and the original file are deleted.
Disinfect No / Delete Yes - No attempt is made to clean the original file. The original file is deleted without putting a copy of the original file in quarantine.
Disinfect No / Delete No - No attempt is made to clean or delete the file. The original file displays in the Security > View Threats page as infected.

Full Scan

The following types of files are considered 'infectable' files:

EXE type - COM; DRV; EXE; OV?; PGM; SYS; BIN; CMD; DEV; 386; SMM; VXD; DLL; OCX; BOO; SCR; ESL; CLA; CLASS; BAT; VBS; VBE; WSH; HTA; HTM; HTML; ?HTML; CHM; INI; HTT; INF; JS; JSE; HLP; SHS; PRC; PDB; PIF; PHP; ZL?; ASP; LNK; EML; NWS; CPL; WMF
DOC type - DO?; XL?; VBX; RTF; PP?; POT; MDA; MDB; XML; DOC?; DOT?; XLS?; XLT?; XLAM; PPT?; POT?; PPS?; SLD?; PPAM; THMX

Scan all files (except those excluded below) - If checked, all files are scanned for viruses on the managed machine.

Scan infectable files (filter by file content) - If checked, "infectible" files are scanned based on their contents regardless of their file extensions. For example, an exe file could be renamed but still be infected.

Scan infectable files (filter by extension type) - If selected, specifies the file extensions of programs and documents to include or exclude.

Always scan files with the following extensions - Specifies the file extensions of programs and documents to include in a scan. Enter each extension separated by a semi-colon (;) character.

Exclude files with these extensions - Specifies the file extensions of programs and documents to exclude from a scan. Applies to any of the three radio options above. Excluded extensions have precedence over included extensions. Enter each extension separated by a semi-colon (;) character.

Scan System Areas before starting the full scan - If checked, system areas are scanned before the full scan is started.

Scan active processes - These are running applications. Applications can be normal software or virus/spyware/malware.

SCAN NTFS Alternate Data Streams - If checked, scanning includes alternate data streams. Each file in a NTFS volume can support alternate file names and alternate file data. Alternate data streams can hide data, especially rootkits, viruses, trojans, and other forms of malware.

Scan Inside Archives - If checked, scanning includes archive files—such as ZIP and RAR files.

Scan for spyware, adware, etc. - If checked, scanning includes spyware, adware, DLL-trojans, keyloggers and potentially unwanted programs.

Include cookies in spyware scan - If checked, scanning includes spyware cookies.

Include registry in spyware scan - If checked, scanning includes spyware entries in the registry.

Set priority of the scan to - Adjusts the priority of the scan against other tasks being performed on the managed machine.

Do Not Set
Low Priority
Lower Priority
Default Priority
High Priority

Set a pause between files - If set to a value other than None, pauses after each file has been scanned for a specified time period. Pausing increases the performance of other tasks on the managed machine, but increases the time required to perform a full scan.

Once detected an infected file can be moved or deleted, but it cannot be opened, saved or copied. Use the following list to determine how to set the Disinfect and Delete checkboxes:

Disinfect Yes / Delete Yes - An attempt is made to clean the original file. If cleaning fails, the original file is deleted. The file is not quarantined.
Disinfect Yes / Delete No - An attempt is made to clean the original file. If cleaning fails the original file is moved to quarantine and the original file displays in the Security > View Threats page. If the original file is deleted using the View Threats page, both the quarantined copy and the original file are deleted.
Disinfect No / Delete Yes - No attempt is made to clean the original file. The original file is deleted without putting a copy of the original file in quarantine.
Disinfect No / Delete No - No attempt is made to clean or delete the file. The original file displays in the Security > View Threats page as infected.

Exclude Dirs

Add new record - Adds directories excluded from a scan. Some directories may be threat-free but contain files that are erroneously interpreted as malware.

Warning: Do not exclude directories unless the contents of the directories are known to be threat-free.

Topic 2945: Send Feedback. Download a PDF of this online book from the top topic.