
Antivirus Settings


The antivirus settings screen lets you configure real-time monitoring, custom scans and scan exclusions.

  • Tip. Add a 'Miscellaneous' section to the profile if you want to set up registry monitoring. See Miscellaneous Settings for more details.

Configure Antivirus settings

  • Click 'Assets' > 'Configuration Templates' > 'Profiles'

  • Open the profile you want to work on

  • Click the 'Antivirus' tab then 'Edit', if it has already been added to the profile

OR

  • Click 'Add Profile Section' > 'Antivirus' if it hasn't yet been added

You can use the default AV settings or import them from a predefined profile:




  • The default settings differ slightly from those in the various profiles. For example, 'Show antivirus alerts' is disabled in the security level 1 profile but is enabled in the default settings.

  • In either case, you can always modify the AV settings later as required.

  • Make your selection then click 'Ok'.

The AV settings screen opens:

  • Real Time Scan - Configure the 'always-on' virus monitor. This is the core antivirus scanner that continuously protects your endpoints against malware.

  • Scans - Create a custom scan profile. Custom scan profiles let you choose which areas you want to scan. You can also create a scan schedule. You can add multiple scan profiles to a device profile.

  • Exclusions - Files and folders that should be skipped on devices to which the profile is applied. Items you add here are excluded from real-time scans and any custom scans.

Realtime Scan settings




Realtime Scan Settings - Table of Parameters

Form Element

Description

Enable Realtime Scan

The realtime scanner ensures your devices are constantly protected from malware. The scanner inspects files whenever they are created, opened or copied.

  • Choose whether or not to enable real time scanning.

(Default = Enabled)

Enable Scanning Optimizations

Various techniques to improve antivirus scan performance and reduce resource use.

  • Choose whether or not to enable scan optimization.

(Default = Enabled)

Do not show auto-scan alerts

Choose whether or not to show a notification to end-users when an external device is connected to the endpoint.

  • XCS can automatically scan external devices whenever they are connected. Example devices include external HDDs, USB sticks etc.

  • Show alerts - End user can choose whether or not to scan the device from the alert

  • Don't show alerts - You have a choice of default responses that XCS should take:

    • Ignore - The device will not be scanned

    • Scan - The device will be scanned for viruses

(Default = Enabled with 'Ignore' option)

Run cache builder when computer is idle

The antivirus cache builder runs whenever the computer is idle to boost the speed of real-time scans.

(Default = Disabled)

  • Applies only to XCS versions 8.3 or lower.

Scan computer memory after the computer starts

If enabled, XCS will scan system memory for threats after a re-boot.

(Default = Disabled)

Show antivirus alerts

Configure whether or not to show alerts on the endpoints when malware is discovered.


Disabling will minimize disturbance to the end-user but at some loss of user awareness.


If you choose not to show alerts then you have a choice of default responses that XCS should automatically take:

  • Quarantine threats - Moves detected threat(s) to quarantine for assessment.

  • Block threats - Prevents the file from running

(Default = Enabled with 'Quarantine threats' option)

Decompress and scan archive files of extensions

The antivirus will open and scan archive files such as .jar, RAR, ZIP, ARJ, WinARJ and CAB.


If enabled, you can choose which types of archive should be decompressed and scanned. Click the 'Extensions' link to view existing extensions and add new extensions.

(Default = Disabled)

Set new on-screen alert timeout to (secs)

Specify how long an alert should stay on the screen at an endpoint.

(Default = 120 seconds)

Set new maximum file size to (MB)

Specify the maximum file size that the antivirus should attempt to scan.

Files larger than the size specified here will not be scanned. (Default = 40 MB)

Set new maximum script size limit to (MB)

Specify the maximum size of a script that the antivirus should attempt to scan.

Files larger than the size specified here are not scanned. (Default = 4 MB)

Use heuristic scanning

Enable or disable heuristics scanning and define the scan level.

The scan level determines how likely the scanner is to classify an unknown file as a threat.

  • Low - Lowest sensitivity to detecting unknown threats / generates fewest false positives. The 'low' setting combines an extremely high level of security and protection with a low rate of false positives. Xcitium recommends this setting for most users. (Default)

  • Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a corresponding rise in the possibility of false positives.

  • High - Highest sensitivity to detecting unknown threats / increased possibility of false positives.

(Default = Enabled with 'Low' option)


Background Note: Heuristic techniques identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. It is about detecting attributes which resemble a virus, rather than looking for a signature that matches a signature on the virus blacklist. This allows the engine to predict the existence of new viruses - even if they are not in the current virus database.

Block all Microsoft Office documents containing macro script

Blocks files that contain macro script, except the files/folders you specify, so that you can prevent damage from harmful macros in Word files.

  • You can define exclusions so the necessary files/file groups are excluded from blocking

  • When this setting is enabled, the portal should send configurations to XCS so that XCS can block files containing macro scripts.

(Default = Disabled)

  • Click 'Exclusion'. The 'Manage Exclusions' dialog will appear with a list of defined exclusions under two tabs:

    • Exclusion Paths - Enter the location of an individual item that you want to exclude. Contained files can write to the files/folders you specify here. You can add multiple files by clicking 'Add' again.

    • Click 'Add' then 'Path' or 'File Group' as required:



  • Exclusion Groups - Allow contained apps to access apps and files in a particular group. A file group is a collection of file types which have similar attributes, scope, or functionality. For example, 'Executables', 'Metro Apps', or 'Windows System Applications'. Xcitium ships with a set of pre-defined file groups. You can create custom file groups from the 'Settings' > 'Settings' > 'System Templates' > 'File Groups Variables' interface. See Create and Manage File Groups for more details.

  • Click 'Add' then 'Path' or 'File Group' as required:




  • Click 'OK' to save your settings.
  • You can edit or remove the exclusions using the respective buttons in the 'Action' column in the File/Folders interface.


  • Click the 'Save' button at the bottom.
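
To see what the size limits, archive setting and excluded paths described above leave uninspected on a given directory tree, the following added example (not Xcitium code) models those rules. The script-extension list, the rule that an excluded folder covers everything beneath it, and the order in which the rules are checked are assumptions; the sample tree is constructed.

```python
import tempfile
from pathlib import Path

MB = 1024 * 1024

# Realtime Scan defaults as listed in the table above.
DEFAULTS = {"max_file_mb": 40, "max_script_mb": 4, "scan_archives": False}
# Archive types named on this page; the script extensions are an assumption.
ARCHIVE_EXTS = {".jar", ".rar", ".zip", ".arj", ".cab"}
SCRIPT_EXTS = {".ps1", ".vbs", ".js", ".bat", ".cmd"}


def coverage_gaps(root, settings=DEFAULTS, excluded_paths=()):
    """Return sorted (relative_path, reason) pairs for files that the
    profile would leave uninspected under the modeled rules."""
    root = Path(root).resolve()
    # Assumption: an excluded folder covers everything beneath it.
    excluded = [Path(p).resolve() for p in excluded_paths]
    gaps = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        size, ext = path.stat().st_size, path.suffix.lower()
        if any(path.is_relative_to(e) for e in excluded):
            reason = "excluded path"
        elif size > settings["max_file_mb"] * MB:
            reason = "over max file size"
        elif ext in SCRIPT_EXTS and size > settings["max_script_mb"] * MB:
            reason = "over max script size"
        elif ext in ARCHIVE_EXTS and not settings["scan_archives"]:
            reason = "archive contents not scanned"
        else:
            continue
        gaps.append((path.relative_to(root).as_posix(), reason))
    return sorted(gaps)


def demo(settings=DEFAULTS):
    """Build a constructed sample tree of sparse files and audit it."""
    sample = {
        "docs/report.docx": 1 * MB,
        "iso/installer.iso": 41 * MB,    # above the 40 MB file limit
        "scripts/deploy.ps1": 5 * MB,    # above the 4 MB script limit
        "downloads/bundle.zip": 2 * MB,  # archive, decompression disabled
        "build/cache/tool.exe": 3 * MB,  # beneath an excluded folder
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, size in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            with open(target, "wb") as fh:
                fh.truncate(size)  # sets the size without writing data
        return coverage_gaps(tmp, settings, [Path(tmp, "build")])


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:30} {rel}")
```

Run `coverage_gaps` against a representative endpoint folder with the profile's actual limits and exclusion list to review what each exclusion or limit costs in coverage before the profile is applied.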

Custom Scans


The 'Scans' pane allows you to view, edit, create and run custom scan profiles. Each scan profile is a collection of scanner settings that tell XCS:

  • Where to scan (which files, folders or drives should be covered by the scan)

  • When to scan (you have the option to specify a schedule)

  • How to scan (options that let you specify the behavior of the scan engine when running this profile)

  • You can add multiple scan-profiles to a device profile.

Xcitium ships with four scan profiles:

  • Full Scan - XCS scans every drive, folder and file on the target device. External devices like USB drives and digital cameras will also be scanned.

  • Quick Scan - XCS scans important areas which are most prone to attack from malware. Scanned areas include system memory, auto-run entries, hidden services, boot sectors and other significant areas.

  • Unrecognized Files Scan - XCS only scans files which have an 'unknown' trust rating. XCS will obtain the file's latest trust rating from our master online database.

  • Quarantined Files Scan - XCS only scans files which are currently quarantined. XCS will obtain the file's latest trust rating from our master online database.

Click the 'Edit' icon beside a profile name to modify which items are scanned, and to set up a scan schedule. For details on the parameters, see the explanation below.


Create a custom scan profile

  • Open the 'Antivirus' section of your profile.

  • 'Assets' > 'Configuration Templates' > 'Profiles' > open the target profile

  • Open the 'Antivirus' section, or click 'Add Profile Section' > 'Antivirus'

  • Click the 'Scans' tab.

  • Click the 'Add' button:




  • Enter the name of the custom scan in the 'Scan name' field

  • Choose the files, folder or regions you want to scan

Target items are shown as follows:




Next, choose your scan options:

  • Click the 'Options' bar

  • See the table below the screenshot for a description of each option:


Scan Options - Table of Parameters

Form Element

Description

Enable scanning optimizations

The antivirus will employ various optimization techniques like running the scan in the background in order to speed-up the scanning process (Default = Enabled).

  • Applies only to XCS versions 8.3 or lower.

Decompress and scan compressed files

The antivirus will open and scan archive files. Supported formats include RAR, WinRAR, ZIP, WinZIP, ARJ, WinARJ and CAB archives (Default = Enabled).

Use cloud while scanning

Augments the local scan with a real-time look-up of Xcitium's online signature database. The cloud database is the most up-to-date version of our virus database, so antivirus scans are more accurate.


With 'Cloud Scanning' enabled, XCS is capable of detecting zero-day malware even if the local database is out-dated. (Default = Enabled).

Automatically clean threats

XCS will automatically take action against detected threats instead of showing the results screen with a list of threats. You can choose the action to be taken from the drop-down. The available options are:

  • Disinfect

  • Quarantine

(Default = Enabled with Disinfect option)

Show scan results window

Displays a results window at the end of a virus scan. The results window shows all threats identified by the scan. (Default = Disabled)

Use heuristic scanning

Enable or disable heuristics scanning and define the scan level.


The scan level determines how likely the scanner is to classify an unknown file as a threat.

  • Low - Lowest sensitivity to detecting unknown threats / generates fewest false positives. The 'low' setting combines an extremely high level of security and protection with a low rate of false positives. Xcitium recommends this setting for most users. (Default)

  • Medium - Detects unknown threats with greater sensitivity than the 'Low' setting but with a corresponding rise in the possibility of false positives.

  • High - Highest sensitivity to detecting unknown threats / increased possibility of false positives.

(Default = Enabled with 'Low' option)

Background Note: Heuristic techniques identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. It is about detecting attributes which resemble a virus, rather than looking for a signature that matches a signature on the virus blacklist. This allows the engine to predict the existence of new viruses - even if they are not in the current virus database.

Apply this action to suspicious autorun entries


XCS will inspect auto-run entries, Windows services, startup items and scheduled tasks during each scan.

  • You can apply one of the following actions to services started by unrecognized or malicious processes:

    • Quarantine and Disable - The service will be stopped and permanently disabled. The file that started the service will be quarantined on the device.

    • Terminate and Disable - The service will be stopped and permanently disabled. If required, the service can be enabled manually. (Default)

    • Terminate - The service will be stopped for the current session.

    • Ignore - The detection will be logged but the service allowed to run normally.

Applies only to XCS versions 10.7 or higher.

Limit maximum file size to

Specify the maximum file size that the antivirus should attempt to scan. (Default = 40 MB).

Run this scan with

Set the Windows priority for the scan. Choices are high, medium, low and run in the background. (Default = Enabled with Background option)

Update virus database before running

Makes XCS check for virus database updates before a scan. Available updates will be downloaded prior to the scan.


(Default = Enabled).

Detect potentially unwanted applications

XCS also scans for applications that

(i) a user may or may not be aware are installed on their computer and

(ii) may have functionality and objectives that are not clear to the user.

Example PUAs include adware and browser toolbars. PUAs are often installed as an additional extra when the user is installing an unrelated piece of software. Unlike malware, many PUAs are 'legitimate' pieces of software with their own EULA agreements. However, the 'true' functionality of the software might not have been made clear to the end-user at the time of installation. For example, a browser toolbar may also contain code that tracks a user's activity on the Internet (Default = Enabled).


The next step is to schedule when the custom scan should be run.

  • Click 'Schedule'



Schedule Settings - Table of Parameters

Form Element

Description

Frequency

  • Do not schedule this task - The scan is not run automatically at a set time. The scan is saved after you click 'Ok' and is available for manual, on-demand scans.

  • Every hour(s) - Run the scan once every n hours. For example, once every 3 hours.

    • Enter the number of hours between scans in the box provided.

  • Every Day - Runs the scan every day at the time specified

  • Every Week - Runs the scan weekly on the days and time you specify.

  • Every Month - Runs the scan monthly on the days and time you specify.

  • Selected days of month - Run the scan on specific days and weeks in a month. Select the weeks and days from the menus.

Run only when computer is not running on battery

Runs the scan only if the computer is connected to the mains supply. This is useful if you are using a laptop or any other battery driven portable computer.

Run only when computer is idle

Scans will run only if the computer is in idle state. Select this if you do not want to be disturbed, or if you are running resource intensive programs and do not want the scan to take processing power.

Turn off computer if no threats are found at the end of the scan

Powers down your computer if no threats are found during the scan. For example, this is useful if you have scans which are scheduled to run at night.


  • Click 'OK' to save the custom scan settings



The added scan profile will be listed in the screen.

  • Use the switches to enable or disable a scan-profile.

  • To change the settings for the custom scan, click the edit button, edit the parameters and click 'OK'

  • To remove a custom scan from the list, select it and click 'Remove'

Exclusions


The 'Exclusions' screen under the Antivirus settings has three sub-sections that let you add paths, applications/files and 'File Groups' which should be excluded from the antivirus scan.

  • Click 'Exclusions'

Add excluded paths


By default the 'Excluded Paths' screen will be displayed:




  • Click 'Add'

The 'Add Excluded Path' dialog will appear:




  • Enter the full path that should be excluded from scanning and click 'OK'.

The added excluded path will be included in the list.




  • Repeat the process to include more paths

  • To change the path, click the edit button, edit the parameters and click 'OK'

  • To remove a path from the list, select it and click 'Remove'

Add excluded applications

  • Click 'Excluded Applications'

  • The EDR agent will be added as an exclusion in the Windows Default profile.



  • Click 'Add'



  • Enter the full path including the application that should be excluded from scanning and click 'OK'

  • Repeat the process to include more applications




  • To change the application path, click the edit button, edit the parameters and click 'OK'

  • To remove an application from the list, select it and click 'Remove'

Add Excluded Groups


File groups make it easy to exclude an entire class of file types. Click 'Settings' > 'Settings' > 'System Templates' > 'File Group Variables' to view/edit/create file groups. See File Groups if you need more help.

  • Click 'Excluded Groups'



  • Click 'Add'.

The 'Add Group' dialog opens:




  • Choose the group from the 'Group' drop-down and click 'OK'.

The group will be added to the exclusions.


  • Repeat the process to add more file groups

  • Click the 'Save' button at the bottom to save the antivirus settings.

  • Click 'Delete' to remove the antivirus settings section. See Edit Configuration Profiles for more details about editing the parameters.