Using Malware Prevention
Malware Prevention can be enabled or disabled at the top of the THREAT POLICY page using the Malware Prevention toggle. When enabled, threat policies you configure on the page sync with client machines running the Barracuda Content Shield Suite every 5 minutes, and the file scanner runs on the client machine:
- Whenever the user accesses a file
- Upon installation, performing a full system scan
- After rebooting, scanning only files that have been touched since the last scan
- Based on the (optional) frequency you configure using the Schedule Full Scan setting
Threat policies are used to specify how you want to handle files determined to be clean, suspicious, or malicious. A file is suspicious if the service was unable to definitively determine a file to be clean or malicious; for example, the service may not be able to access a password-protected or encrypted file, and therefore cannot determine if the file is a real threat. A file is malicious if Barracuda Content Shield has scanned the file and has designated that file as a threat that should not be accessed by users. Malicious files on the endpoint are quarantined by default (does not apply to files on removable drives).
For best protection, set Action for Suspicious Files to Quarantine so that an administrator can review suspicious files later and decide if the file should be released or deleted from the end user’s device.
Setting Threat Policies by Account
To configure Threat Policies for an account, on the Accounts page, click Manage for that account, then do the following:
- Click THREAT POLICY in the left navigation menu.
- Set Malware Prevention to Enabled. Note that this setting also enables the Scan and Deliver feature. See How to Use the Barracuda Content Shield Suite for Windows for details.
- Schedule regular scans (optional) using the Schedule Full Scan feature:
- Click Schedule, or, if you have previously scheduled a scan, click on the displayed schedule. For example, Daily at 3:00 PM.
- In the popup, set Enable Schedule Scan to ON.
- Select Frequency using the drop-down for Daily, Weekly, Bi-Weekly, or Monthly. For Weekly, Bi-Weekly, or Monthly, select the appropriate day or month of the year. Set the time zone in the next drop-down.
- Click Schedule.
- To disable scheduled scans, click the box showing the current schedule. For example, Daily at 3:00 PM. In the popup, set Enable Schedule Scan to OFF. Click Schedule to save.
To run a scan immediately on endpoints, click RUN NOW.
- Under Scan Policy, select an Action for Suspicious Files:
- Quarantine (Recommended) – Places suspicious files into quarantine for later review. See Quarantine for details.
- Allow – Allows download, but reports on suspicious files detected.
- Under File Types, select file types you want scanned.
Under Encrypted and Password Protected Files, set Allow or Quarantine policies.
- Under Removable Drives, set Scan Removable Drives to YES to have all removable drives scanned by the service, or NO to scan removable drives only when they are accessed. If you set this option to YES, you can specify exceptions in the Custom Exclusions section, described in the next step.
Your Threat Policies for this account are now configured. See also Threat Logs.