Next Topic

Previous Topic

Book Contents

Define Profile

Security > Define Profile

The Define Profile page manages security profiles. Each security profile represents a different set of of enabled or disabled security options. Changes to a security profile affect all machine IDs assigned that security profile. A security profile is assigned to machine IDs using Security > Assign Profile. Typically different types of machines or networks require different security profiles.

The page provides you with four actions

  • Save - Saves changes to a security profile. Applies only to user-defined profiles.
  • Save As - Creates a new security profile by saving it using a different name.
  • Delete - Deletes an existing security profile. Applies only to user-defined profiles.
  • Share - Shares a private security profile. Applies only to user-defined profiles. Other administrators, except for master administrators, cannot see private security profiles. Sharing a private security profile makes it a public security profile.
  • Take Ownership - Take ownership of any public security profile.

To Define or Maintain a Security Profile

  1. Select a security profile from the Select Profile drop down list.
  2. Set options on security profile tabs:
    • General
    • File Protection
    • Mail Protection
    • Full Scan
    • Exchange
    • Exclude Dirs
    • Exclude PUPs
  3. Click the Save or Save As button to save the security profile.

General

Maximum Size of the Vault: <N>% of Local Disk - Enter the maximum percentage of disk space to allocate for the storage of quarantined threats.

Minimum Available Space to Remain on Local Disk - Enter the minimum number of megabytes to allocate on the disk to the storage of quarantined threats.

Automatic File Deletion - If checked, enables the Delete Files Older than <N> Days option.

Delete Files Older than <N> Days - Enter the number of days to store quarantined threats before they are automatically deleted.

Maximum Number of file to Store - Enter the maximum number of quarantined threats to store.

Display option to Enable/Disable Security Protection in Agent Icon Menu - If checked:

  • Enable Security and Cancel Scan options display in the agent task menu of the managed machine.
  • The user can click the Enable Security option on the agent menu to turn security protection on or off.
  • The user can click the Cancel Scan option on the agent menu to cancel an ongoing security protection scan.

    Note: The administrator can also enable/disable security protection remotely using Security > Enable/Disable.

Run System Scan upon KES Start Up - If checked, security protection scans the following system areas on startup:

  • Boot sector of disk
  • Master boot record in the partition table
  • System registry
  • System32 files: kernel32.dll, wsock32.dll, user32.dll, shell32.dll, ntoskrnl.exe
  • System32\Drivers

Delete and don't report tracking cookies - If checked, tracking cookies are deleted automatically.

Note: Checking this option is recommended, because it removes many rows of data from the View Threats page.

Resident Protect

Resident protect is a memory-resident feature.

Enable Resident Protection - If check, the following types of files are scanned as they are copied, opened or saved.

386; ASP; BAT; BIN; BMP; BOO; CHM; CLA; CLASS; CMD; CNM; COM; CPL; DEV; DLL; DO*; DRV; EML; EXE; GIF; HLP; HT*; INI; JPEG*; JPG; JS*; LNK; MD*; MSG; NWS; OCX; OV*; PCX; PGM; PHP*; PIF; PL*; PNG; POT; PP*; SCR; SHS; SMM; SYS; TIF; VBE; VBS; VBX; VXD; WMF; XL*; XML; ZL*;

Scan all files - If selected, all files on the managed machine are scanned.

Scan infectible files and Selected Document Types - If selected, specifies the additional file extensions of programs and documents to include or exclude.

Exclude files with the following extensions from the scan - Specifies the file extensions of programs and documents to exclude from a scan. Excluded extensions have precedence over included extensions. Enter each extension separated by a semi-colon (;) character.

Always scan files with the following extensions - Specifies the file extensions of programs and documents to include in a scan. Enter each extension separated by a semi-colon (;) character.

Scan files without an extension - If checked, the scan includes files without an extension.

Scan floppy drives - If checked, the scan includes floppy drives.

Use Heuristic Analysis - If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Scan on File Close - If checked, files are scanned as they are closed.

Scan potentially unwanted programs - If checked, the scan detects executable applications or DLL libraries that could be potentially unwanted programs. Some programs, especially free ones, include adware and may be detected and reported by Kaseya Endpoint Security as a Potentially Unwanted Program.

Scan cookies - If checked, the scan includes internet browser cookies.

Once detected an infected file can be moved or deleted, but it cannot be opened, saved or copied. Use the following list to determine how to set the Disinfect and Delete checkboxes:

  • Disinfect Yes / Delete Yes - An attempt is made to clean the original file. If cleaning fails, the original file is deleted. The file is not quarantined.
  • Disinfect Yes / Delete No - An attempt is made to clean the original file. If cleaning fails the original file is moved to quarantine and the original file displays in the Security > View Threats page. If the original file is deleted using the View Threats page, both the quarantined copy and the original file are deleted.
  • Disinfect No / Delete Yes - No attempt is made to clean the original file. The original file is deleted without putting a copy of the original file in quarantine.
  • Disinfect No / Delete No - No attempt is made to clean or delete the file. The original file displays in the Security > View Threats page as infected.

Email Protection

Enable Email Protection - If checked, inbound and outbound email and attachments are scanned for viruses.

Note: This email protection applies to local email clients, such as Outlook, installed on the managed machine. It does not apply to email protection for MS Exchange Servers

Check Incoming Mail - If checked, incoming email is scanned.

Certification: Some email clients support appending text to email messages certifying that the email has been scanned for viruses.

Do Not Certify Mail - If selected, incoming email is not certified.

Certify all Mail - If selected, all incoming email is certified.

Only Certify Mail with Attachments - If selected, only incoming email with attachments are certified.

Incoming Mail Certification - Certification text appended to incoming email.

Check Outgoing Mail - If checked, outgoing email is scanned.

Do Not Certify - If selected, outgoing email is not certified.

Certify all mail - If selected, all outgoing email is certified.

Only Certify Mail with Attachments - If selected, only outgoing email with attachments are certified.

Outgoing Mail Certification - Certification text appended to outgoing email.

Modify Subject for Messages Marked as Virus - Adds prefix text to the subject of a message that contains a virus.

Use Heuristic Analysis - Applies to an email message. If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Enable Anti-Spyware - If checked, email scanning includes scanning for spyware, adware, and potentially unwanted programs.

Scan Attached Archives (RAR, RAR 3.0, ZIP, ARJ, CAB) - If checked, email archives are scanned.

Automatically Move Password Protected Archives to Quarantine - Automatically quarantines password-protected archives. Password-protected archives may contain virus/spyware/malware threats. You can recover password-protected archives using the Security > View Threats page.

Use Heuristic E-Mail Message Filter - Applies to an email attachment. If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Remove Attachments - If checked, remove all executable files or documents, whether infected or not, from the email.

Remove All Executable Files - If checked, executables files, whether infected or not, are removed from email.

Remove All Documents - If checked, documents, whether infected or not, are removed from email.

Remove files with These Extensions - Enter the extensions of files that should be automatically removed from email. Enter each extension separated by a semi-colon (;) character.

Note: The term file in the following discussion refers to an individual email message.

Once detected an infected file can be moved or deleted, but it cannot be opened, saved or copied. Use the following list to determine how to set the Disinfect and Delete checkboxes:

  • Disinfect Yes / Delete Yes - An attempt is made to clean the original file. If cleaning fails, the original file is deleted. The file is not quarantined.
  • Disinfect Yes / Delete No - An attempt is made to clean the original file. If cleaning fails the original file is moved to quarantine and the original file displays in the Security > View Threats page. If the original file is deleted using the View Threats page, both the quarantined copy and the original file are deleted.
  • Disinfect No / Delete Yes - No attempt is made to clean the original file. The original file is deleted without putting a copy of the original file in quarantine.
  • Disinfect No / Delete No - No attempt is made to clean or delete the file. The original file displays in the Security > View Threats page as infected.

Full Scan

Scan System Areas before Scan Begins - If checked, system areas are scanned before the full scan is started.

Scan Active Processes for Viruses - These are running applications. Applications can be normal software or virus/spyware/malware.

Use Heuristic Analysis - If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

SCAN NTFS Alternate Data Streams - If checked, scanning includes alternate data streams. Each file in a NTFS volume can support alternate file names and alternate file data. Alternate data streams can hide data, especially rootkits, viruses, trojans, and other forms of malware.

Scan All Files Except Those Identified In Exceptions - If checked, all files are scanned for viruses on the managed machine.

Scan infectible files - If checked, "infectible" files are scanned based on their contents regardless of their file extensions. For example, an exe file could be renamed but still be infected. The following types of files are considered 'infectible' files:

  • EXE type - COM; DRV; EXE; OV?; PGM; SYS; BIN; CMD; DEV; 386; SMM; VXD; DLL; OCX; BOO; SCR; ESL; CLA; CLASS; BAT; VBS; VBE; WSH; HTA; HTM; HTML; ?HTML; CHM; INI; HTT; INF; JS; JSE; HLP; SHS; PRC; PDB; PIF; PHP; ZL?; ASP; LNK; EML; NWS; CPL; WMF
  • DOC type - DO?; XL?; VBX; RTF; PP?; POT; MDA; MDB; XML; DOC?; DOT?; XLS?; XLT?; XLAM; PPT?; POT?; PPS?; SLD?; PPAM; THMX

Add Extensions - Specifies the file extensions of programs and documents to include in a scan. Enter each extension separated by a semi-colon (;) character.

Use Smart Scan - Recognizes the file type regardless of its extension. Applies only if Scan infectible Files is selected.

Exclude Extensions - Specifies the file extensions of programs and documents to exclude from a scan. Applies to any of the three radio options above. Excluded extensions have precedence over included extensions. Enter each extension separated by a semi-colon (;) character.

Scan Inside Archives - If checked, scanning includes archive files—such as ZIP and RAR files.

Enable Anti-Spyware - If checked, scanning includes spyware, adware, DLL-trojans, keyloggers and potentially unwanted programs.

Enable Cookie Detection - If checked, scanning includes spyware cookies.

Enable Registry Detection - If checked, scanning includes spyware entries in the registry.

Select System Priority to Scan - Adjusts the priority of the scan against other tasks being performed on the managed machine.

  • Do Not Set
  • Low Priority
  • Lower Priority
  • Default Priority
  • High Priority

Gaps During file Scan - If set to a value other than None, pauses after each file has been scanned for a specified time period. Pausing increases the performance of other tasks on the managed machine, but increases the time required to perform a full scan.

Once detected an infected file can be moved or deleted, but it cannot be opened, saved or copied. Use the following list to determine how to set the Disinfect and Delete checkboxes:

  • Disinfect Yes / Delete Yes - An attempt is made to clean the original file. If cleaning fails, the original file is deleted. The file is not quarantined.
  • Disinfect Yes / Delete No - An attempt is made to clean the original file. If cleaning fails the original file is moved to quarantine and the original file displays in the Security > View Threats page. If the original file is deleted using the View Threats page, both the quarantined copy and the original file are deleted.
  • Disinfect No / Delete Yes - No attempt is made to clean the original file. The original file is deleted without putting a copy of the original file in quarantine.
  • Disinfect No / Delete No - No attempt is made to clean or delete the file. The original file displays in the Security > View Threats page as infected.

Exchange: Product

Enable AVG for Exchange Server - Enable or disable email scanning for assigned MS Exchange Servers.

Run Scans in Background - Enable or disable background scanning. Background scanning is one of the features of the VSAPI 2.0/2.5 application interface. It provides threaded scanning of the Exchange Messaging Databases. Whenever an item that has not been scanned before is encountered in the users' mailbox folders, it is submitted to AVG for Exchange 2000/2003 Server to be scanned. Scanning and searching for unexamined objects runs in parallel. A specific low priority thread is used for each database, which guarantees other tasks (e.g. e-mail messages storage in the Microsoft Exchange database) are always carried out preferentially.

Scan Proactively - Enable or disable VSAPI 2.0/2.5 proactive scanning. Proactive scanning involves dynamical priority management of items in the scanning queue. Lower priority items are not scanned unless all higher priority ones have been scanned. An item's priority rises if a client tries to use it, so an items' precedence changes dynamically according to user activity.

Scan RTF Files - Specify whether RTF files should be scanned or not.

Scanning Threads - Scanning process is threaded by default to increase the overall scanning performance by a certain level of parallelism. The default number of threads is computed as 2 times the 'number_ of_processors' + 1.

Scan Timeout - The maximum continuous interval, in seconds, for one thread to access the message that is being scanned.

Move Files to Quarantine - If checked, infected e-mail messages are moved into quarantine.

Delete infected messages (Exchange Server 2003 only) - If checked, messages with viruses are deleted. If blank, infected email is delivered to recipients, but infected attachment is replaced with a text file containing information on the virus detected. This option is available only in VSAPI 2.5 in Exchange 2003 Server.

Note: The Microsoft Exchange Virus Scan API (VSAPI) provides a way for anti-virus software to scan at a very low-level in the Exchange store. This allows a virus scanning application to run with high performance and guarantees that the message will be scanned before any client can access a message or attachment.

Exchange: Plugin

These attributes determine how email protection is applied to MS Exchange Servers. See Email Protection for local email clients above for a description of each attribute.

Exclude Dirs

Add new record - Adds directories excluded from a scan. Some directories may be threat-free but contain files that are erroneously interpreted as malware.

Warning: Do not exclude directories unless the contents of the directories are known to be threat-free.

Exclude PUPs

Add new record - Adds files excluded from a scan. Some files may be threat-free but contain files that are erroneously interpreted as potentially unwanted programs (PUPs).

Warning: Do not exclude files unless the contents of the files are known to be threat-free.