VirusScope Settings
-
'VirusScope' is a XCS feature which closely monitors the activities of running processes and generates alerts if they take threatening actions.
-
The feature uses a system of 'recognizers' to detect malicious behavior and thus identify brand-new malware.
-
VirusScope alerts offer the choice to quarantine the process & undo its changes, or let the process go ahead.
-
You can choose whether VirusScope should monitor all processes, or only contained processes.
Configure VirusScope settings
-
Click 'Assets' > 'Configuration Templates' > 'Profiles'
-
Open the Windows profile you want to work on
Click the 'VirusScope' tab then 'Edit', if it has already been added to the profile
OR
Click 'Add Profile Section' > 'VirusScope' if it hasn't yet been added
The VirusScope settings screen opens:
VirusScope Configuration - Table of Parameters |
|
---|---|
Form Element |
Description |
Enable Viruscope |
Enable or disable Viruscope. If enabled, Viruscope monitors the activities of all running processes and generates alerts on suspicious activities |
Show popup alerts |
Configure whether or not alerts are shown to end-users when suspicious activity is detected.
|
Monitor contained applications only |
Choose whether VirusScope should track every process on the host, or only processes which are running in the container. |
-
Click the 'Save' button.
The VirusScope component will be added to the Windows profile.
The saved 'VirusScope' settings screen will be displayed with options to edit the settings or delete the section. See Edit Configuration Profiles for more details.