Reference Guide

Security Management Server Virtual - AdminHelp v9.8
245
Memory of all running processes.
Files that the Windows Registry references.
Contents of the Windows folder.
Contents of the Temp folder.
By default, the scanner scans all file types, regardless of extension.
Access Protection Prevents other computers from making a connection and creating or altering autorun
(autorun.inf) files from CDs. The rule prevents spyware and adware distributed on CDs from being executed
and automatically blocks and reports such issues. Default: Selected (Enabled).
Exploit ProtectionMonitors for application vulnerabilities and keeps buffer overflow exploits from
executing arbitrary code on the computer. Default: Selected (Enabled).
Script Scan ProtectionEnables scanning JavaScript and VBScript scripts to prevent unwanted scripts from
executing. Default: Selected (Enabled).
Configurable Actions - After Threat is Detected
Actions taken if a threat, unwanted program, or exploit is detected are controlled by policy and include the
following:
Full-Scan Threat First Response - Specifies the first action for the scanner to take when a threat is detected.
Default: Clean file.
Full-Scan Threat First Response Fails - Specifies the action for the scanner to take when a threat is detected
if the first action fails. Default: Delete file.
Full-Scan Unwanted Program First Response - Specifies the first action for the scanner to take when a
potentially unwanted program is detected. Default: Clean file.
Full-Scan Unwanted Program First Response Fails - Specifies the action for the scanner to take when an
unwanted program is detected if the first action fails. Default: Delete file.
Quick-Scan Threat First Response - Specifies the first action for the scanner to take when a threat is
detected. Default: Clean file.
Quick-Scan Threat First Response Fails - Specifies the action for the scanner to take when a threat is
detected if the first action fails. Default: Delete file.
Quick-Scan Exploit First Response - Specifies the first action for the scanner to take when a potential exploit
is detected. Default: Clean file.
Quick-Scan Exploit First Response Fails - Specifies the action for the scanner to take when an exploit is
detected if the first action fails. Default: Delete file.
Reputation Service Sensitivity policies
When the Full-Scan Reputation Service Sensitivity or Quick-Scan Reputation Service Sensitivity policies are
enabled, samples are submitted to the Reputation Service lab to determine if they are malware. The
sensitivity level is used when determining if a detected sample is malware. The higher the sensitivity level,
the higher the number of malware detections. However, allowing more detections might result in more false
positive results.
The following values can be set:
Disable - Samples are not submitted to the Reputation Service lab.
Very Low - A detection is made available to Threat Protection when the Reputation Service lab publishes it
instead of waiting for the next file update. Average of 10-15 queries per day, per computer.