Antivirus Settings
The antivirus settings screen lets you configure real-time monitoring, custom scans and scan exclusions.
-
Tip. Add a 'Miscellaneous' section to the profile if you want to setup registry monitoring. See Miscellaneous Settings for more details.
Configure Antivirus settings
-
Click 'Assets' > 'Configuration Templates' > 'Profiles'
-
Open the profile you want to work on
Click the 'Antivirus' tab then 'Edit', if it has already been added to the profile
OR
Click 'Add Profile Section' > 'Antivirus' if it hasn't yet been added
You can use the default AV settings or import them from a predefined profile:
.png)
-
The default settings differ slightly from those in the various profiles. For example, 'Show antivirus alerts' is disabled in the security level 1 profile but is enabled in the default settings.
-
In either case, you can always modify the AV settings later as required.
-
Make your selection then click 'Ok'.
The AV settings screen opens:
-
Real Time Scan - Configure the 'always-on' virus monitor. This is the core antivirus scanner that continuously protects your endpoints against malware.
-
Scans - Create a custom scan profile. Custom scan profiles let you choose which areas you want to scan. You can also create a scan schedule. You can add multiple scan profiles to a device profile.
-
Exclusions - Files and folders that should be skipped on devices to which the profile is applied. Items you add here are excluded from real-time scans and any custom scans.
.png)
|
Realtime Scan Settings - Table of Parameters |
|
|---|---|
|
Form Element |
Description |
|
Enable Realtime Scan |
The realtime scanner ensures your devices are constantly protected from malware. The scanner inspects files whenever they are created, opened or copied.
(Default = Enabled) |
|
Enable Scanning Optimizations |
Various techniques to improve antivirus scan performance and reduce resource use.
(Default = Enabled) |
|
Do not show auto-scan alerts |
Choose whether or not to show a notification to end-users when an external device is connected to the endpoint.
(Default = Enabled with 'Ignore' option) |
|
Run cache builder when computer is idle |
The antivirus cache builder runs whenever the computer is idle to boost the speed of real-time scans. (Default = Disabled)
|
|
Scan computer memory after the computer starts |
If enabled, XCS will scan system memory for threats after a re-boot. (Default = Disabled) |
|
Show antivirus alerts |
Configure whether or not to show alerts on the endpoints when malware is discovered. Disabling will minimize disturbance to the end-user but at some loss of user awareness. If you choose not to show alerts then you have a choice of default responses that XCS should automatically take:
(Default = Enabled with 'Quarantine threats' option) |
|
Decompress and scan archive files of extensions |
The antivirus will open and scan archive files such as .jar, RAR, ZIP, ARJ, WinARJ and CAB. If enabled, you can choose which types of archive should be decompressed and scanned. Click the 'Extensions' link to view existing extensions and add new extensions. (Default = Disabled) |
|
Set new on-screen alert timeout to (secs) |
Specify how long an alert should stay on the screen at an endpoint. (Default = 120 seconds) |
|
Set new maximum file size to (MB) |
Specify the maximum file size that the antivirus should attempt to scan. Files larger than the size specified here will not be not scanned. (Default = 40 MB) |
|
Set new maximum script size limit to (MB) |
Specify the maximum size of a script that the antivirus should attempt to scan. Files larger than the size specified here are not scanned. (Default = 4 MB) |
|
Use heuristic scanning |
Enable or disable heuristics scanning and define the scan level. The scan level determines how likely the scanner is to classify an unknown file as a threat.
(Default = Enabled with 'Low ' option) Background Note: Heuristic techniques identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. It is about detecting attributes which resemble a virus, rather than looking for a signature that matches a signature on the virus blacklist. This allows the engine to predict the existence of new viruses - even if they are not in the current virus database. |
| Block all Microsoft Office documents containing macro script | Block files containing macro script except the specified files/folders so that you can prevent the damage of harmful macros in word files.
(Default = Disabled)
|
-
Click the 'Save' button at the bottom.
The 'Scans' pane allows you to view, edit, create and run custom scan profiles. Each scan profile is a collection of scanner settings that tell XCS:
-
Where to scan (which files, folders or drives should be covered by the scan)
-
When to scan (you have the option to specify a schedule)
-
How to scan (options that let you specify the behavior of the scan engine when running this profile
-
You can add multiple scan-profiles to a device profile.
Xcitium ships with four scan profiles:
-
Full Scan - XCS scans every drive, folder and file on the target device. External devices like USB drives and digital camera will also be scanned.
-
Quick Scan - XCS scans important areas which are most prone to attack from malware. Scanned areas include system memory, auto-run entries, hidden services, boot sectors and other significant areas.
-
Unrecognized Files Scan - XCS only scans files which have an 'unknown' trust rating. XCS will obtain the file's latest trust rating from the our master online database.
-
Quarantined Files Scan - XCS only scans files which are currently quarantined. XCS will obtain the file's latest trust rating from the our master online database.
Click the 'Edit' icon 
beside a profile name to modify which items are scanned, and to set up a scan schedule. For details on the parameters, see the explanation below.
Create a custom scan profile
-
Open the 'Antivirus' section of your profile.
-
'Assets' > 'Configuration Templates' > 'Profiles' > open the target profile
-
Open the 'Antivirus' section, or click 'Add Profile Section' > 'Antivirus'
-
Click the 'Scans' tab.
-
Click the 'Add' button:
-
Choose the files, folder or regions you want to scan
Target items are shown as follows:
Next, choose your scan options:
-
Click the 'Options' bar
-
See the table below the screenshot for a description of each option:
|
Scan Options - Table of Parameters |
|
|---|---|
|
Form Element |
Description |
|
Enable scanning optimizations |
The antivirus will employ various optimization techniques like running the scan in the background in order to speed-up the scanning process (Default = Enabled).
|
|
Decompress and scan compressed files |
The antivirus will open and scan archive files. Supported formats include RAR, WinRAR, ZIP, WinZIP ARJ, WinARJ and CAB archives (Default = Enabled). |
|
Use cloud while scanning |
Augments the local scan with a real-time look-up of Xcitium's online signature database. The cloud database is the most up-to-date version of our virus database, so antivirus scans are more accurate. With 'Cloud Scanning' enabled, XCS is capable of detecting zero-day malware even if the local database is out-dated. (Default = Enabled). |
|
Automatically clean threats |
XCS will automatically take action against detected threats instead of showing the results screen with a list of threats. You can choose the action to be taken from the drop-down. The available options are:
(Default = Enabled with Disinfect option) |
|
Show scan results window |
Displays a results window at the end of a virus scan. The results windows shows all threats identified by the scan. (Default = Disabled) |
|
Use heuristic scanning |
Enable or disable heuristics scanning and define the scan level. The scan level determines how likely the scanner is to classify an unknown file as a threat.
(Default = Enabled with 'Low ' option) Background Note: Heuristic techniques identify previously unknown viruses and Trojans. 'Heuristics' describes the method of analyzing a file to ascertain whether it contains code typical of a virus. It is about detecting attributes which resemble a virus, rather than looking for a signature that matches a signature on the virus blacklist. This allows the engine to predict the existence of new viruses - even if they are not in the current virus database |
|
Apply this action to suspicious autorun entries |
XCS will inspect auto-run entries, Windows services, startup items and scheduled tasks during each scan.
Applies only to XCS versions 10.7 or higher. |
|
Limit maximum file size to |
Specify the maximum file size that the antivirus should attempt to scan.(Default = 40 MB). |
|
Run this scan with |
Set the Windows priority for the scan. Choices are high, medium, low and run in the background. (Default = Enabled with Background option) |
|
Update virus database before running |
Makes XCS to check for virus database updates before a scan. Available updates will be downloaded prior to the scan. (Default = Enabled). |
|
Detect potentially unwanted applications |
XCS also scans for applications that
Example PUA's include adware and browser toolbars. PUA's are often installed as an additional extra when the user is installing an unrelated piece of software. Unlike malware, many PUA's are 'legitimate' pieces of software with their own EULA agreements. However, the 'true' functionality of the software might not have been made clear to the end-user at the time of installation. For example, a browser toolbar may also contain code that tracks a user's activity on the Internet (Default = Enabled). |
The next step is to schedule when the custom scan should be run.
-
Click 'Schedule'
|
Schedule Settings - Table of Parameters |
|
|---|---|
|
Form Element |
Description |
|
Frequency |
|
|
Run only when computer is not running on battery |
Runs the scan only if the computer is connected to the mains supply. This is useful if you are using a laptop or any other battery driven portable computer. |
|
Run only when computer is idle |
Scans will run only if the computer is in idle state. Select this if you do not want to be disturbed, or if you are running resource intensive programs and do not want the scan to take processing power. |
|
Turn off computer if no threats are found at the end of the scan |
Powers down your computer if no threats are found during the scan. For example, this is useful if you have scans which are scheduled to run at night. |
-
Click 'OK' to save the custom scan settings
The added scan profile will be listed in the screen.
-
Use the switches to enable or disable a scan-profile.
-
To change the settings for the custom scan, click the edit button
, edit the parameters and click 'OK'
-
To remove a custom scan from the list, select it and click 'Remove'
The 'Exclusions' screen under the Antivirus setting has three sub sections that allow you to add a list of paths, list of applications/files and 'File Groups' which should be excluded from the antivirus scan.
-
Click 'Exclusions'
Add excluded paths
By default the 'Excluded Paths' screen will be displayed:
-
Click 'Add'
The 'Add Excluded Path' dialog will appear:
-
Enter the full path that should be excluded from scanning and click 'OK'.
The added excluded path will be included in the list.
-
Repeat the process to include more paths
-
To change the path, click the edit button , edit the parameters and click 'OK'
-
To remove a path from the list, select it and click 'Remove'
Add excluded applications
-
Click 'Excluded Applications'
-
EDR agent will add as Exclusions in Windows Default profile.
-
Click 'Add'
-
Enter the full path including the application that should be excluded from scanning and click 'OK'
-
Repeat the process to include more applications
-
To change the application path, click the edit button , edit the parameters and click 'OK'
-
To remove an application from the list, select it and click 'Remove'
Add Excluded Groups
File groups make it easy to exclude an entire class of file types. Click 'Settings' > 'Settings' > 'System Templates' > 'File Group Variables' to view/edit/create file groups. See File Groups if you need more help.
-
Click 'Excluded Groups'
-
Click 'Add'.
The 'Add Group' dialog opens:
-
Choose the group from the 'Group' drop-down and click 'OK'.
The group will be added to the exclusions.
-
Repeat the process to add more file groups
-
Click the 'Save' button at the bottom to save the antivirus settings.
-
Click 'Delete' to remove the antivirus settings section. See Edit Configuration Profiles for more details about editing the parameters.