Using Malware Prevention
Malware Prevention can be enabled or disabled at the top of the Threat Policy page using the Malware Prevention toggle.. When enabled, threat policies you configure on the page sync with client machines running the Barracuda Content Shield Suite every 5 minutes, and the file scanner runs on the client machine:
- Whenever the user accesses a file
- Upon installation, performing a full system scan
- After rebooting, scanning only files that have been touched since the last scan
Threat policies are used to specify how you want to handle files determined to be clean, suspicious, or malicious. A file is suspicious if the service was unable to definitively determine a file to be clean or malicious; for example, the service may not be able to access a password-protected or encrypted file, and therefore cannot determine if the file is a real threat. A file is malicious if Barracuda Content Shield has scanned the file and has designated that file as a threat that should not be accessed by users. Malicious files are quarantined by default.
For best protection, set Action for Suspicious Files to Quarantine so that an administrator can review suspicious files later and decide if the file should be released or deleted from the end user’s device.
Setting Threat Policies by Account
To configure Threat Policies for an account, on the Accounts page, click Manage for that account, then do the following:
- Click Threat Policy in the left navigation menu.
- Under Scan Policy, select an Action for Suspicious Files:
- Quarantine (Recommended) – Places suspicious files into quarantine for later review. See Quarantine for details.
- Allow – Allows download, but reports on suspicious files detected.
- Under File Types, select file types you want scanned.
Under Encrypted and Password Protected Files, set Allow or Quarantine policies.
Under Removable Drives, set Scan Removable Drives to YES to have all removable drives scanned by the service, or NO to scan removable drives only when they are accessed. If you set this option to YES, you can specify exceptions in the Custom Exclusions section, described in the next step.
Finally, under Custom Exclusions, click ADD EXCLUSION to specify any files, paths, or processes, using the drive letter/path or process/application name, that you want to exclude from scanning. For a process exclusion, enter the executable name (example: explorer.exe) or the full path (C:\Program Files\explorer.exe). To edit or remove an exclusion you created, on the right side of the table, click the More Options icon () and select the action you want to take.
Your Threat Policies for this account are now configured. See also Threat Logs.