Getting Started with Anti-Virus
Enabling the Anti-Virus Software Blade
Enable the Anti-Virus Software Blade on a Security Gateway.
To enable the Anti-Virus Software Blade:
- In SmartDashboard, right-click the gateway object and select .
The window opens.
- In tab, select .
The window opens.
- Select one of the activation mode options:
- - Enable the Anti-Virus Software Blade and use the Anti-Virus settings of the Threat Prevention profile in the Threat Prevention policy.
- - Packets are allowed, but the traffic is logged according to the settings in the Threat Prevention Rule Base.
- Click
- Install the Threat Prevention policy.
Creating an Anti-Virus Policy
Create and manage the policy for the Anti-Virus Software Blade in the Threat Prevention tab of SmartDashboard. The policy shows the profiles set for network objects or locations defined as a protected scope.
- The pane shows a high-level summary of your Anti-Virus activity and traffic.
- The pane shows the rules and exceptions for the Anti-Virus policy. Click the button to get started.
- To learn about malware and protections, look through the Threat Wiki.
You can use Anti-Virus rules to disable a specified malware protection.
After you create and configure the rules, install the policy on the  specified Security Gateways.
The Anti-Bot, Threat Emulation and Anti-Virus Software Blades have a dedicated policy. You can install this policy installation separately from the policy installation of the other Software Blades.
You can update the Anti-Bot, Threat Emulation and Anti-Virus Rule Base to give immediate coverage for new malware threats. Install only the Threat Prevention policy to minimize the impact on the Security Gateways.
To install the Anti-Bot and Anti-Virus policy:
- From the tab > pane, click .
- Select the relevant options:
- Installs the policy on all Security Gateways that have Anti-Bot, Threat Emulation, and Anti-Virus enabled.
- - Select the applicable Security Gateways.
- - Install the policy on the selected Security Gateways without reference to the other targets. A failure to install on one Security Gateway does not affect policy installation on other gateways.
If the gateway is a member of a cluster, install the policy on all the members. The Security Management Server makes sure that it can install the policy on all the members before it installs the policy on one of them. If the policy cannot be installed on one of the members, policy installation fails for all of them.
- - Install the policy on all installation targets. If the policy fails to install on one of the Security Gateways, the policy is not installed on other targets of the same version.
- Click .
Blocking Viruses
Scenario: I want to block viruses and malware in my organization. How can I do this?
To block viruses in your organization:
- In the page, select the Software Blade.
The window opens.
- Select and click .
- Select > .
- Click .
A new rule is added to the Threat Prevention policy. The Software Blade applies the first rule that matches the traffic.
- Make a rule that includes these components:
- - Give the rule a name, such as .
- Add the network objects you want to protect. In this example, the network object is used.
- Select the Profile with the protection settings you want. The default profile is .
- Select the type of log to get when malware is detected. In this example, keep and also select , to capture the packets of malicious activity. In SmartView Tracker, you can see the captured packets.
- - Keep it as , or select gateways to install the rule on.
- Install the Threat Prevention policy.
|
|
