Product guide
Configuring Essential Security
The VirusScan Enterprise settings described in this chapter have protected hundreds of customers
from malware attacks. McAfee Sales Engineers and Support staff have tested these settings,
and when configured correctly and in the order listed, they are very effective in protecting your
systems.
NOTE: If any one of the settings described in the following best practices is not configured,
your system is vulnerable to threats.
Contents
1. Configuring self protection
2. Configuring on-access scanning when reading files and for all files settings
3. Setting buffer overflow minimum protection
4. Confirming VirusScan, DAT file, and engine versions
5. Enabling "Artemis"
6. Configuring daily memory scans
7. Configuring regular on-demand scans
8. Configuring DAT files and Engine updates
1. Configuring self protection
Configuring VirusScan Enterprise self protection is one of the most important settings when
trying to protect your systems from malware attacks. Disabling your system security software
is one of the first things malware attempts to do during an attack.
No user, administrator, developer, or security professional should ever need to disable VirusScan
Enterprise protection on their system.
To configure the minimum VirusScan Enterprise self protection using ePolicy Orchestrator,
access the VirusScan Enterprise 8.8.0, Access Protection Policies, and click the Access
Protection tab. Select the following settings:
• Next to Access protection settings click:
• Enable access protection
• Prevent McAfee services from being stopped
• In the Categories list, click Common Standard Protection.
• In the Block/Report/Rules list, click Block and Report for all of the following rules:
• Prevent modification of McAfee files and settings
• Prevent modification of McAfee Common Management Agent files and settings
• Prevent modification of McAfee Scan Engine files and settings
7McAfee VirusScan Enterprise 8.8