This article covers how to configure malware prevention policies using the THREAT POLICY page. Threat policies are used to specify how you want to handle files determined to be clean, suspicious, or malicious. For details on these terms, what the Malware Prevention feature is, and how it works, see Malware Prevention With Barracuda Content Shield.
To configure content filter policies, see How to Configure DNS Filtering and Policies and How to Configure Advanced Filtering Policies.
Using the Malware Prevention Feature
Malware Prevention can be enabled or disabled at the top of the THREAT POLICY page using the Malware Prevention toggle. When enabled, threat policies you configure on the page sync with client machines running the Barracuda Content Shield (BCS) agent every 5 minutes, and the file scanner runs on the client machine:
- Whenever the user accesses a file
- Upon installation, performing a full system scan
- Based on the (optional) frequency you configure using the Schedule Full Scan setting
If you disable Malware Prevention on the THREAT POLICY page, threat policies will not be applied on the endpoint machines. The Status tab on the BCS agent interface on the clients will show Content Protection Disabled. Web content filtering will still apply to web traffic per policy.
Setting Threat Policies by Account
To configure Threat Policies for an account, on the Accounts page, click Manage for that account, then do the following:
- Click THREAT POLICY in the left navigation menu.
- Set Malware Prevention to Enabled.
- Schedule regular scans (optional) using the Schedule Full Scan feature:
  - Click Schedule, or, if you have previously scheduled a scan, click the displayed schedule (for example, Daily at 3:00 PM).
  - In the popup, set Enable Schedule Scan to ON.
  - Select Frequency using the drop-down for Daily, Weekly, Bi-Weekly, or Monthly. For Weekly, Bi-Weekly, or Monthly, select the appropriate day or month of the year. Set the time zone in the next drop-down.
  - Click Schedule.
  To disable scheduled scans, click the box showing the current schedule (for example, Daily at 3:00 PM). In the popup, set Enable Schedule Scan to OFF. Click Schedule to save.
- Under Scan Policy, select an Action for Suspicious Files:
  - Quarantine (Recommended) – Places suspicious files into quarantine for later review. For best protection, set Action for Suspicious Files to Quarantine so that an administrator can review suspicious files later and decide if the file should be released or deleted from the end user’s device. See Quarantine for details.
  - Allow – Allows download, but reports on suspicious files detected.
- Under File Types, select file types you want scanned.
- Under Encrypted and Password Protected Files, set Allow or Quarantine policies.
- Under Removable Drives, set Scan Removable Drives to YES to have all removable drives scanned by the service, or NO to scan removable drives only when they are accessed. Note that suspicious/malicious files found on removable drives are quarantined in place, rather than being moved off the removable drive to the Quarantine folder. The user is protected because access to the quarantined files is prevented. These files remain intact and can be accessed by a system that is not running BCS Plus.
- Under Custom Exclusions, you can specify either a filename or full path to a file for exclusion from scanning.
  - Click +Add Exclusion.
  - In the popup, select either File or Path from the Exception Type drop-down.
  - Enter the value of the filename or path per the example syntax shown in the text box.
  Note that for application binaries, only full paths are accepted; wildcards (*) are not allowed. Network exemptions, however, do support wildcards.
  To exclude processes (for example, explorer.exe) from scanning, use the EXEMPTION POLICIES page.
Your Threat Policies for this account are now configured. See also Threat Logs.