Define Profile

The Define Profile page manages security profiles. Each security profile represents a different set of enabled or disabled security options. Changes to a security profile affect all machine IDs assigned that security profile. A security profile is assigned to machine IDs using Security > Assign Profile. Typically, different types of machines or networks require different security profiles.

This page provides you with the following actions:

  • Save - Saves changes to a security profile.
  • Save As - Creates a new security profile by saving it using a different name.
  • Delete - Deletes an existing security profile.
  • Share - Shares a private security profile. Other administrators, except for master administrators, cannot see private security profiles. Sharing a private security profile makes it a public security profile.
  • Take Ownership - Takes ownership of any public security profile.

To Define or Maintain a Security Profile

  1. Select a security profile from the Select Profile drop-down list.
  2. Set options on security profile tabs:
    • General
    • Resident Shield
    • Email Scanner
    • Full Scan
    • Exchange
    • Exclude Dirs
    • Exclude PUPs
  3. Click the Save or Save As button to save the security profile.

General

Limit Size of the Vault - If checked, limits the size of the vault as specified using the following options:

  • Maximum Size of the Vault: <N>% of Local Disk - Enter the maximum percentage of disk space to allocate for the storage of quarantined threats.
  • Minimum Available Space to Remain on Local Disk - Enter the minimum number of megabytes to allocate on the disk to the storage of quarantined threats.

Automatic File Deletion - If checked, deletes files automatically as specified by the following options:

  • Delete Files Older than <N> Days - Enter the number of days to store quarantined threats before they are automatically deleted.
  • Maximum Number of files to Store - Enter the maximum number of quarantined threats to store.

Display option to Enable/Disable Resident Shield in Agent Icon Menu - If checked:

  • Enable Security and Cancel Scan options display in the agent task menu of the managed machine.
  • The user can click the Enable Security option on the agent menu to turn security protection on or off.
  • The user can click the Cancel Scan option on the agent menu to cancel an ongoing security protection scan.

    Note: The administrator can also enable/disable security protection remotely using Security > Security Status.

Run System Scan upon KES Start Up - If checked, security protection scans the following system areas on startup:

  • Boot sector of disk
  • Master boot record in the partition table
  • System registry
  • System32 files: kernel32.dll, wsock32.dll, user32.dll, shell32.dll, ntoskrnl.exe
  • System32\Drivers

Resident Shield

Resident shield is a memory-resident feature.

Enable Resident Shield - If checked, the following types of files are scanned as they are copied, opened or saved. If blank, no other Resident Shield options are evaluated.

Scan all files - If selected, all files on the managed machine are scanned.

Scan infectible files and Selected Document Types - If selected, specifies the additional file extensions of programs and documents to include or exclude using the following options:

  • Exclude files with the following extensions from the scan - Specifies the file extensions of programs and documents to exclude from a scan. Excluded extensions have precedence over included extensions. Enter each extension separated by a semi-colon (;) character.
  • Always scan files with the following extensions - Specifies the file extensions of programs and documents to include in a scan. Enter each extension separated by a semi-colon (;) character. Resident Shield scans the following file extensions without you having to specify them: 386; ASP; BAT; BIN; BMP; BOO; CHM; CLA; CLASS; CMD; CNM; COM; CPL; DEV; DLL; DO*; DRV; EML; EXE; GIF; HLP; HT*; INI; JPEG*; JPG; JS*; LNK; MD*; MSG; NWS; OCX; OV*; PCX; PGM; PHP*; PIF; PL*; PNG; POT; PP*; SCR; SHS; SMM; SYS; TIF; VBE; VBS; VBX; VXD; WMF; XL*; XML; ZL*;
  • Scan files without an extension - If checked, the scan includes files without an extension.
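The extension rules above can be checked offline before a profile is saved. The following is an added example, not Kaseya or AVG code: it models the documented rules (semicolon-separated lists, exclusions taking precedence, the built-in list copied from this page) and assumes that `*` matches any run of characters. The function and parameter names are hypothetical.

```python
from fnmatch import fnmatchcase

# Extensions this page says Resident Shield scans without being listed.
BUILT_IN = ("386; ASP; BAT; BIN; BMP; BOO; CHM; CLA; CLASS; CMD; CNM; COM; CPL; "
            "DEV; DLL; DO*; DRV; EML; EXE; GIF; HLP; HT*; INI; JPEG*; JPG; JS*; "
            "LNK; MD*; MSG; NWS; OCX; OV*; PCX; PGM; PHP*; PIF; PL*; PNG; POT; "
            "PP*; SCR; SHS; SMM; SYS; TIF; VBE; VBS; VBX; VXD; WMF; XL*; XML; ZL*;")


def parse_ext_list(text):
    """Split a semicolon-separated extension field into upper-case patterns."""
    return [p.strip().lstrip(".").upper() for p in text.split(";") if p.strip()]


def extension_of(filename):
    """Return the text after the last dot, or '' when there is no extension."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    return ext.upper() if dot and stem else ""


def would_scan(filename, always_scan="", exclude="", scan_all=False,
               scan_no_extension=False, enabled=True):
    """Model of whether Resident Shield would scan this file under a profile."""
    if not enabled:            # no other Resident Shield option is evaluated
        return False
    if scan_all:               # "Scan all files" is the alternative to the lists
        return True
    ext = extension_of(filename)
    if not ext:
        return scan_no_extension
    # Excluded extensions have precedence over included extensions.
    if any(fnmatchcase(ext, p) for p in parse_ext_list(exclude)):
        return False
    included = parse_ext_list(BUILT_IN) + parse_ext_list(always_scan)
    return any(fnmatchcase(ext, p) for p in included)


if __name__ == "__main__":
    # Constructed profile: a broad exclusion silently removes built-in coverage.
    for name in ("invoice.docm", "image.iso", "README"):
        print(name, would_scan(name, always_scan="DOCM; ISO", exclude="DO*"))
```

Under this model a wildcard exclusion such as `DO*` removes `DOCM` from scanning even when `DOCM` is also listed under the always-scan option, which is worth reviewing before assigning the profile to machines.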

Scan for Tracking Cookies - If checked, the scan includes internet browser tracking cookies. Found tracking cookies are deleted immediately and not moved to the virus vault.

Scan Potentially Unwanted Programs and Spyware threats - If checked, the scan detects executable applications or DLL libraries that could be potentially unwanted programs. Some programs, especially free ones, include adware and may be detected and reported by Kaseya Endpoint Security as a Potentially Unwanted Program.

Scan files on close - If checked, files are scanned as they are closed.

Scan boot sector of removable media - If checked, the scan includes the boot sector of removable media.

Use Heuristics - If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Email Protection

Enable Email Scanner - If checked, inbound and outbound email and attachments are scanned for viruses. If blank, no other Email Protection options are evaluated.

Note: Email scanning applies to local email clients, such as Outlook, installed on the managed machine. It does not apply to email scanning for MS Exchange Servers. See the Exchange section below.

Check Incoming Email - If checked, incoming email is scanned.

Certification: Some email clients support appending text to email messages certifying that the email has been scanned for viruses.

  • Do Not Certify Email - If selected, incoming email is not certified.
  • Certify all Email - If selected, all incoming email is certified.
  • Only Certify Email with Attachments - If selected, only incoming email with attachments is certified.
  • Incoming Email Certification - Certification text appended to incoming email.

Check Outgoing Email - If checked, outgoing email is scanned.

  • Do Not Certify Email - If selected, outgoing email is not certified.
  • Certify all Email - If selected, all outgoing email is certified.
  • Only Certify Email with Attachments - If selected, only outgoing email with attachments is certified.
  • Outgoing Email Certification - Certification text appended to outgoing email.

Modify Subject for Messages Marked as Virus - Adds prefix text to the subject of a message that contains a virus.

Use Heuristics - Applies to an email message. If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Scan Potentially Unwanted Programs and Spyware threats - If checked, email scanning includes scanning for spyware, adware, and potentially unwanted programs.

Scan inside archives (RAR, RAR 3.0, ZIP, ARJ, CAB) - If checked, email archives are scanned.

Report Password Protected Attachments - If checked, reports password-protected attachments to emails as threats.

Report Password Protected Documents - If checked, reports password-protected documents attached to emails as threats.

Report Files containing macro - If checked, reports files containing macros attached to emails as threats.

Report hidden extensions - If checked, reports files that use a hidden extension. Some viruses hide themselves by doubling their file extension. For example, the VBS/Iloveyou virus attaches a file, ILOVEYOU.TXT.VBS, to e-mails. The default Windows setting is to hide known extensions, so the file looks like ILOVEYOU.TXT. When you open it you do not open a .TXT text file but instead execute a .VBS script file.
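The doubled-extension pattern described above can also be checked for in attachment names collected from mail logs or a quarantine listing. This is an added example, not the product's detection logic: the executable set is a subset of the "EXE type" extensions listed on this page, and the decoy set and function names are assumptions made for the illustration.

```python
# Final extensions that run when opened; subset of the "EXE type" list on this page.
EXECUTABLE = {"EXE", "COM", "SCR", "PIF", "BAT", "CMD", "VBS", "VBE", "JS",
              "JSE", "WSH", "HTA", "LNK", "CPL", "SHS"}
# Extensions a user reads as harmless content (constructed list for this example).
DECOY = {"TXT", "PDF", "DOC", "DOCX", "XLS", "XLSX", "JPG", "JPEG", "PNG",
         "GIF", "MP3", "ZIP"}


def hidden_extension(filename):
    """Return (name_as_displayed, real_extension) for a doubled extension, else None.

    name_as_displayed is what Windows shows when known extensions are hidden.
    """
    parts = filename.strip().split(".")
    if len(parts) < 3:                      # need name + decoy + real extension
        return None
    decoy, real = parts[-2].upper(), parts[-1].upper()
    if real in EXECUTABLE and decoy in DECOY:
        return (".".join(parts[:-1]), real)
    return None


def flag_attachments(names):
    """Map each suspicious attachment name to its finding."""
    findings = {}
    for name in names:
        hit = hidden_extension(name)
        if hit:
            findings[name] = hit
    return findings


if __name__ == "__main__":
    # Constructed attachment names; the first is the example given on this page.
    sample = ["ILOVEYOU.TXT.VBS", "notes.txt", "backup.tar.gz",
              "setup.exe", "photo.jpg.scr", "release.v1.2.exe"]
    for name, (shown, real) in flag_attachments(sample).items():
        print(f"{name}: displayed as {shown}, runs as .{real}")
```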

Move reported attachments to Virus Vault (incoming email only) - If checked, reported email attachments are moved to the virus vault. They display in the Virus Vault tab of the View Threats page instead of in the Current Threats tab.

Full Scan

Scan Potentially Unwanted Programs and Spyware threats - If checked, the scan detects executable applications or DLL libraries that could be potentially unwanted programs. Some programs, especially free ones, include adware and may be detected and reported by Kaseya Endpoint Security as a Potentially Unwanted Program.

Scan for Tracking Cookies - If checked, the scan includes internet browser tracking cookies. Found tracking cookies are deleted immediately and not moved to the virus vault.

Scan Inside Archives - If checked, scanning includes archive files—such as ZIP and RAR files.

Use Heuristics - If checked, scanning includes heuristic analysis. Heuristic analysis performs a dynamic emulation of a scanned object's instructions within a virtual computing environment.

Scan system environment - If checked, system areas are scanned before the full scan is started.

Scan infectible files only - If checked, "infectible" files are scanned based on their contents regardless of their file extensions. For example, an exe file could be renamed but still be infected. The following types of files are considered 'infectible' files:

  • EXE type - COM; DRV; EXE; OV?; PGM; SYS; BIN; CMD; DEV; 386; SMM; VXD; DLL; OCX; BOO; SCR; ESL; CLA; CLASS; BAT; VBS; VBE; WSH; HTA; HTM; HTML; ?HTML; CHM; INI; HTT; INF; JS; JSE; HLP; SHS; PRC; PDB; PIF; PHP; ZL?; ASP; LNK; EML; NWS; CPL; WMF
  • DOC type - DO?; XL?; VBX; RTF; PP?; POT; MDA; MDB; XML; DOC?; DOT?; XLS?; XLT?; XLAM; PPT?; POT?; PPS?; SLD?; PPAM; THMX

Scan for rootkits - If checked, scans for rootkit viruses. A rootkit virus attempts to take control of a machine using "Administrator" or "System" level access without authorization by the system's owners and legitimate managers.

Select System Priority for Scan - Defines how fast the scan runs and how many system resources the scan uses. You can set the scan to run as fast as possible, which noticeably slows down the computer, or to use as few system resources as possible, which prolongs the scan's run time.

Exchange

Enable AVG for Exchange Server - Enable or disable email scanning for assigned MS Exchange Servers.

Run scans in background - Enable or disable background scanning. Background scanning is one of the features of the VSAPI 2.0/2.5 application interface. It provides threaded scanning of the Exchange Messaging Databases. Whenever an item that has not been scanned before is encountered in the users' mailbox folders, it is submitted to AVG for Exchange 2000/2003 Server to be scanned. Scanning and searching for unexamined objects runs in parallel. A specific low priority thread is used for each database, which guarantees other tasks, for example email messages storage in the Microsoft Exchange database, are always carried out preferentially.

Scan Proactively - Enable or disable VSAPI 2.0/2.5 proactive scanning. Proactive scanning involves dynamic priority management of items in the scanning queue. Lower priority items are not scanned unless all higher priority ones have been scanned. An item's priority rises if a client tries to use it, so an item's precedence changes dynamically according to user activity.

Scan RTF Files - Specify whether RTF files should be scanned or not.

Scanning Threads - The scanning process is threaded by default to increase the overall scanning performance by a certain level of parallelism. The default number of threads is computed as 2 times the 'number_of_processors' + 1.

Scan Timeout - The maximum continuous interval, in seconds, for one thread to access the message that is being scanned.

Exclude Dirs

Add new record - Adds directories excluded from a scan. Some directories may be threat-free but contain files that are erroneously interpreted as malware.

Warning: Do not exclude directories unless the contents of the directories are known to be threat-free.

Exclude PUPs

Add new record - Adds files excluded from a scan. Some files may be threat-free but are erroneously interpreted as potentially unwanted programs (PUPs). You need to identify the filename, its checksum value and its file size in bytes.

Warning: Do not exclude files unless the contents of the files are known to be threat-free.

Click Add New Record then enter the following:

  • Filename - Enter the name of the file.
  • Checksum - Enter the checksum value of the file. To determine the checksum value, open the AVG UI on a machine that contains the file. Select Tools > Advanced Settings. Select the PUP Exceptions property sheet. Click the Add exception button. Select the file by browsing the machine's local directory. The corresponding checksum value is displayed. Copy and paste the checksum value from the AVG UI into the Add new record dialog box of the Exclude PUPs tab of Security > Define Profile.
  • File Size - Enter the file size in bytes. To determine the file size, right-click the file in Windows Explorer and check the Size value in bytes.