If you have a BCS Plus subscription, you have access to the Malware Prevention Component (MPC) included in the BCS agent for Windows endpoints. The MPC provides file-based security with several levels of risk analysis, including:
- Checking against known malware signatures
- Static file analysis
- Dynamic thread analysis
Note that the MPC is disabled by default as described below. This article discusses the features of the MPC; to configure, see How to Set Threat Policies.
Threat policies are configured on the THREAT POLICY page to specify how you want to handle files determined to be clean, suspicious, or malicious.
- A file is deemed suspicious if the file has certain attributes associated with malware, but the scanner cannot make an absolute determination. For example, the scanner cannot access a password-protected or encrypted file, and therefore cannot determine if the file is a real threat. If a 7z format archive is opened or extracted by the user, then the scanner can access the files and detect and block threats.
- A file is malicious if Barracuda Content Shield has scanned the file and has designated that file as a threat that should not be accessed by users. Malicious files (on local drives) are removed. On network and removable drives, they are not removed, but blocked from opening or executing.
- A file is clean if no malicious or suspicious indicators were found by any scanners.
You can enable the MPC by setting Malware Prevention to Enabled on the THREAT POLICY page.
When the Malware Prevention Scanner Runs on the Endpoint
When enabled, threat policies you configure on the THREAT POLICY page sync with endpoint machines running the BCS agent every 5 minutes, and the file scanner runs on the client machine:
- Upon installation, performing a full system scan
- Whenever the user accesses or downloads a file
- Based on the (optional) frequency you configure using the Schedule Full Scan setting (on the THREAT POLICY page)
Files Excluded From Scanning
Files can be excluded from or exempt from scanning based on policies you set in BCS
- Process exclusions (on-access scanner only) as configured on the EXEMPTION POLICIES page.
Path or file name exclusions as configured on the THREAT POLICY page.
Note that for application binaries, only full paths are accepted, no wildcards (*) are allowed. Network exemptions, however, do support wildcards.- File type exemptions (e.g. Microsoft Office files, PDFs, executables) configured on the THREAT POLICY page.
Scheduling Scans
You can either run a scan immediately by clicking RUN NOW on the THREAT POLICY page, or click SCHEDULE to set a regular scan schedule for endpoints. See How to Set Threat Policies for details.