How this guide is organized
This document is meant as a reference to use along with the VirusScan Console and ePolicy Orchestrator user interfaces. It also describes, in order, how you should approach protecting your system from malware using VirusScan Enterprise. To describe that process, this document is separated into four major parts, plus an appendix:
- Part I — Prevention: Avoiding Threats — The best way to protect your system is to keep any malware from ever gaining access to your system. This part of the document describes the following:
- Protecting your systems’ access points, memory from overflow errors, and unwanted programs.
- Detection definitions and how they are used to protect your system and the importance of updating these definitions on a regular basis.
- Excluding files, folders, and disks from scanning.
- Using scheduled task to periodically scan your system and update the files used by VirusScan Enterprise.
- Part II — Detecting: Finding Threats — Files that are opened or copied from other file systems or the Internet might provide access to your system. Also, application programming interface (API) calls and scripts can pose a threat to your system. These threats are found during the following VirusScan Enterprise scan processes:
- On-access scanning — Scans a file for malware when the file is read or written to disk, it also protects boot sectors, scans memory of processes already running, detects cookies, and protects against unwanted programs.
- On-demand scanning — Scans the entire system for threats on a scheduled basis or as needed when started from the VirusScan Console.
- Email on-delivery and on-demand scanning — Protects against malware arriving through email in Microsoft Outlook and Lotus Notes.
- Buffer overflow protection — Analyzes API calls made by certain processes, to confirm they do not attempt to overwrite adjacent data in the memory buffer.
- ScriptScan — Finds threats from browsers or other applications accessed that use the Windows Script Host.
- Part III — Response: Handling Threats — VirusScan Enterprise can be configured to perform any of the following steps, when a threat is found:
Note: For any detection, you can configure VirusScan Enterprise to notify the user or not.
- Deny Access to the threat or take no further action.
- Delete or Clean the threat. When either of these actions is taken a copy of the original file is stored in the Quarantine folder.
- Part IV — Monitoring, Analyzing, and Fine-Tuning Your Protection — Once your protection is up and running, you should monitor your
system using ePolicy Orchestrator queries and reports. Then you could decide to make changes to your security settings in order to increase or reduce the amount of system protection. Alternatively, you might also use VirusScan Console logs and Simple Network Management Protocol (SNMP) traps to monitor your systems.
- Appendix — Describes some additional features you should be aware of when using VirusScan Enterprise. For example, VirusScan Enterprise command-line options, connecting to remote systems through VirusScan Enterprise, and more.