McAfee VirusScan
Determine the number of scanning policies
Follow this process to determine whether to configure more than one on-access scanning policy.