Agent settings: Ivanti Mac Antivirus

Ivanti Mac Antivirus features are accessed from the Agent settings tool window (Tools > Security and Compliance > Agent settings). In the Agent settings window, right-click Ivanti Mac Antivirus - Mac, and then click New....

Ivanti Mac Antivirus allows you to download and manage antivirus content (virus definition files), configure antivirus scans, and customize antivirus scanner settings that determine how the scanner appears and operates on target devices and which interactive options are available to end users. You can also view antivirus-related information for scanned devices, enable antivirus alerts, and generate antivirus reports.

The main section for Ivanti Mac Antivirus introduces this complementary security management tool, which is a component of both Ivanti® Endpoint Manager and Ivanti® Endpoint Security for Endpoint Manager. In that section you'll find an overview, antivirus content subscription information, as well as step-by-step instructions on how to use Antivirus features.

This section contains help topics that describe the Ivanti Mac Antivirus settings dialog box. From the console interface, access these topics by clicking Help on each dialog box.

IMPORTANT: Kaspersky antivirus support was discontinued in Endpoint Manager 2021.1. That version and newer no longer include Kaspersky-related interface options.

About the Ivanti Mac Antivirus General page

Use this page to configure the Ivanti Mac Antivirus setting name.

This page contains the following options:

  • Name: Identifies the Antivirus settings with a unique name. This name appears in the settings list on the Antivirus scan task dialog box, on other dialogs, and in the console.

About the Ivanti Mac Antivirus Protection page

Use this page to configure the way File Antivirus works with Ivanti Mac Antivirus on target devices.

This page contains the following options:

  • Enable File antivirus: Enables real-time scanning of files on target devices. If you do not enable File Antivirus, the collected statistics appear in the Completed tasks section of the report window. When the component runs, it generates a new report. By default, File Antivirus is enabled and configured with the recommended settings.
    • If a malicious object is detected:
      • Prompt for action
      • Disinfect automatically
        • Delete if disinfection fails
  • Enable Web antivirus: Enables real-time scanning of web traffic, website URLs, and links on target devices.
    • If a malicious object is detected:
      • Prompt for action
      • Block automatically
  • Check secure connections (HTTPS): Enables real-time scanning of HTTPS traffic.
  • Network attack blocker: Monitors incoming network traffic for signs of a network attack. If an attack is detected, the source IP address will be blocked.

About the Virus Scan: Full and Critical scan pages

Use these pages to configure full scan and critical scan options. A full scan searches for viruses on your computer with a thorough scan of all hard drives. A quick scan searches only critical areas of the computer for viruses, including folders with operating system files and system libraries.

These pages have the following options:

  • Security Level: Specifies one of the three file security levels (High, Recommended, or Low).
    • High: File Antivirus takes the strictest control of all files that are opened, saved, and started. File Antivirus scans all file types on all hard drives, network drives, and removable storage media of the computer. It also scans archives, installer packages, and embedded OLE objects.
    • Recommended: File Antivirus scans only the specified file formats on all hard drives, network drives, and removable storage media of the computer. It also scans embedded OLE objects. With the Recommended setting, File Antivirus doesn't scan archives or installer packages. This is the default security level.
    • Low: Ensures the maximum scanning speed. With this setting, File Antivirus scans only files with specified extensions on all hard drives, network drives, and removable storage media of the computer. File Antivirus won't scan compound files.
  • Scope settings tab
    • File types: There are some file formats (such as .txt) for which the probability of intrusion of malicious code and its subsequent activation is quite low. At the same time, there are file formats that contain or may contain executable code (such as .exe, .dll, and .doc). The risk of intrusion and activation of malicious code in such files is quite high.
      • All files: Scans all files, regardless of extension.
      • Files scanned by format: The scanner analyzes file headers to determine the file format, ignoring the file extension in the file name. This can protect users from executables that were named with a different extension, such as .txt. Such a file is then thoroughly scanned for viruses and other malware.
      • Files scanned by extension: The scanner uses the filename extension to determine whether it should be scanned.
    • Skip files that are scanned for longer than: If the scanner spends too much time on a file, you can have it skip that file.
    • Skip files that are larger than: If the scanner encounters a file larger than the size you specify, you can have it skip that file.
    • Scan only new and changed files: Scans only new files and files that have been modified since the previous scan.
    • Scan archives: Scans files inside archive formats, such as RAR, ARJ, ZIP, CAB, LHA, and JAR.
    • Scan embedded ole objects: Scans files that are embedded in another file, such as Microsoft® Office Excel® spreadsheets, macros that are embedded in Microsoft® Office Word® files, or email attachments.
    • Parse email formats: Scans all email messages that are transmitted via the POP3, SMTP, IMAP, MAPI, and NNTP protocols.
    • Scan password-protected archives
  • Action: Specifies the action that File Antivirus performs if infected files are detected. Before attempting to disinfect or delete an infected file, File Antivirus creates a backup copy for subsequent restoration or disinfection.
    • Prompt for action when the scan is complete: When the scan is complete, the user is given the choice of disinfecting or deleting infected files.
    • Prompt for action during scan: When the scan detects an infected file, the scan pauses and the user is given the choice of disinfecting or deleting the infected file. Once a choice is made, the scan resumes.
    • Do not prompt for action: The scanner takes action without prompting the user. Select the default action below:
      • Disinfect: Automatically attempt to disinfect all infected files that are detected. File Antivirus applies the Delete action to files that are part of the Windows Store application.
      • Delete if disinfection fails: Automatically delete all infected files.
  • Run mode
  • Additional settings tab
    • Scan methods
    • Heuristic analysis: Specifies whether Antivirus will use heuristic analysis during scanning of email. This technology detects files that may be infected with an unknown virus. If Antivirus detects malicious code in a file during heuristic analysis, it will mark the file as probably infected. Move the slider along the horizontal axis to change the detail level for heuristic analysis. The detail level for heuristic analysis sets the balance between the thoroughness of searching for new threats, the load on the resources of the operating system, and the duration of heuristic analysis. The following levels of detail of heuristic analysis are available:
      • Light: Heuristic Analyzer doesn't perform all instructions in executable files while scanning for malicious code. At this level of detail, the probability of detecting threats is lower than at the Medium scan and Deep scan levels. Light scanning is faster and less resource-intensive.
      • Medium: When scanning files for malicious code, the Heuristic Analyzer balances performance and scan sensitivity in executable files. The medium scan detail level is selected by default.
      • Deep: When scanning files for malicious code, the Heuristic Analyzer performs more instructions in executable files than at the Light scan and Medium scan levels of heuristic analysis. At this level of detail, the probability of detecting threats is higher than at the Light scan and Medium scan levels. Deep scanning consumes more system resources and takes more time.
    • iSwift technology: Specifies the scan technology that antivirus uses when scanning files. The iSwift technology allows antivirus to exclude certain objects from scan using a special algorithm in order to increase the scan speed. The algorithm takes into account the release date of the antivirus databases, the date of the most recent scan of an object, and any changes to the scan settings. This technique works with objects of any format, size, and type.
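The difference between the Files scanned by format and Files scanned by extension options described above, shown as an added example (this is not Ivanti or vendor code). The magic-byte table, the extension list, and the sample files are assumptions constructed for illustration, not the product's actual lists.

```python
import os

# Leading "magic" bytes of formats that can carry executable code.
# Illustrative table, not the product's own signature list.
MAGIC = [
    (b"\xcf\xfa\xed\xfe", "Mach-O 64-bit"),
    (b"\xca\xfe\xba\xbe", "Mach-O universal or Java class"),
    (b"MZ", "PE executable"),
    (b"\x7fELF", "ELF executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document"),
    (b"PK\x03\x04", "ZIP-based archive"),
]

# Hypothetical extension list for the by-extension mode.
SCANNED_EXTENSIONS = {".exe", ".dll", ".doc", ".dylib", ".zip", ".jar"}

def read_header(path, length=8):
    """Read the first bytes of a file on disk."""
    with open(path, "rb") as handle:
        return handle.read(length)

def format_from_header(header):
    """Identify the format from content alone; the file name is never consulted."""
    for magic, name in MAGIC:
        if header.startswith(magic):
            return name
    return None

def selected_by_extension(filename):
    """By-extension mode: trust whatever the file name claims."""
    return os.path.splitext(filename)[1].lower() in SCANNED_EXTENSIONS

def disguised_files(samples):
    """Names that by-extension mode skips but by-format mode would scan."""
    return [name for name, header in samples.items()
            if format_from_header(header) and not selected_by_extension(name)]

# Constructed sample headers (file name -> first bytes of the file).
SAMPLES = {
    "readme.txt": b"Release ",
    "invoice.txt": b"\xcf\xfa\xed\xfe\x07\x00\x00\x01",
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    "photo.jpg": b"MZ\x90\x00\x03\x00\x00\x00",
    "setup.exe": b"MZ\x90\x00\x03\x00\x00\x00",
}
```

With these samples, invoice.txt and photo.jpg are the files a by-extension selection passes over even though their headers identify executable content.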

About the Ivanti Mac Antivirus Threats page

Use this page to configure the way Ivanti Mac Antivirus handles various types of malware.

This page contains the following options:

  • Malware categories: Allows you to create a list of threats to detect by enabling control of the most dangerous types of malware.
    • Virus, worms, Trojans, hack tools: This group includes the most common and dangerous categories of malware. Ivanti Mac Antivirus always controls malware from this group. This option is selected by default and cannot be cleared.
    • Adware: Enables control of riskware. This option is selected by default.
    • Auto-dialers: Enables control of programs that establish phone connections over a modem in hidden mode. This option is selected by default.
    • Other programs: Enables control of programs that are not malicious or dangerous but under certain circumstances may be used to do harm to your computer.
  • Trusted zone: Specifies the objects that Ivanti Mac Antivirus will exclude from the scan. Click Add... to specify the object, threat type, and component for each trusted item.
    • Object: Specify all objects or enter the path to a trusted object. The name of a file, folder, or a file mask can be specified as an object.
    • Threat type: Specify all threats or enter a threat name. The box next to each element of the list enables or clears the use of this exclusion rule. All boxes are checked by default. The list of trusted zone objects is blank by default.
    • Component: Specify whether to exclude the trusted item from File Antivirus, Virus scan, or both.

About the Ivanti Mac Antivirus Scheduled Tasks: Update page

Use this page to configure virus definition (pattern) file updates scheduling, user download options, and access options for target devices with these antivirus settings. To schedule an update, click Update on the Scheduled Tasks page.

This page contains the following options:

  • Download "pilot" version of virus definition files: Click this option to download virus definition files from the pilot folder instead of from the default location on the core server. Virus definitions in the pilot folder can be downloaded by a restricted set of users for the purpose of testing the virus definitions before deploying them to the entire network. When you create an antivirus scan task, you can also choose to download the latest virus definition updates, including those residing in the pilot test folder, and then associate an antivirus setting that has this option enabled to ensure that the test devices receive the latest known virus definition files. If this option is selected, virus definition files in the default folder are not downloaded.
  • Download virus definition updates from: Specifies the source site (core server or Kaspersky content server) from which virus definition files are downloaded.
  • Preferred server/Peer download options: Allows you to configure core server settings if you've selected one of the download source site options that includes the core.
    • Attempt preferred server: Prevents virus definition file downloads via a preferred server. For more information about preferred servers, see About software distribution.
  • Bandwidth used from core or preferred server (WAN): Specifies the bandwidth used. You can move the slider or enter a value in the percentage box.
  • Update application modules: Enables downloads of application module updates along with antivirus database updates. If selected, Ivanti Mac Antivirus includes application module updates in the update package when the application runs the update task. This option is selected by default.
  • Scheduled tasks:
    • Update: Specifies when to update virus definitions. Click Change schedule... to open the Schedule periodic virus definition updates window, where you can select the frequency and time of an update.

About the Ivanti Mac Antivirus Reports page

Use this page to configure Ivanti Mac Antivirus Reports settings on target devices.

This page contains the following options:

  • Reports:
    • Log non-critical events: Enables the logging of information-type events. As a rule, these events are not important for security.
    • Keep only recent events: Logs only the important events that occurred during the most recent run of the task. If the box is checked, the information is updated every time the task is restarted. Important information (such as entries of detected malicious objects) is saved, while non-critical information is deleted.
    • Delete reports after: Specifies the maximum report storage term in number of days. The default maximum storage term for reports is 30 days. After that period of time, Ivanti Mac Antivirus automatically deletes the oldest entries from the report file.
  • Quarantine and Backup storage: Allows you to configure quarantine and backup settings. The data storage comprises a quarantine catalog and storage for backup copies of files.
    • Delete objects after: Specifies the maximum storage term for files in quarantine and copies of files in backup. The maximum file storage term is measured in days. The default maximum storage term for files is 30 days. After expiration of the maximum storage term, Ivanti Mac Antivirus deletes the oldest files from Quarantine and Backup.

About the Ivanti Mac Antivirus Appearance page

Use this page to configure the Appearance settings that Ivanti Mac Antivirus will use on target devices.

This page contains the following options:

  • In Menu Bar: Displays the Ivanti Mac Antivirus icon in the menu bar. This option is selected by default.
  • In Dock: Displays the Ivanti Mac Antivirus icon in the Dock. Any changes you make to the location of the icon will appear after you restart the application.
  • Nowhere: Click this option if you do not want the Ivanti Mac Antivirus icon to appear.