Views:

Anti-Malware Configuration

Follow these steps depending on your preferred scan configuration process.

Real-time malware scan configuration

On the Deep Security console go to Policies > Malware Scan Configuration > New > New Real-time Scan Configuration.
Under General tab, name the policy.
1. Enable Document Exploit Protection.
2. Enable Predictive Machine Learning (Set to quarantine).
3. Enable Behavior Monitoring.
4. Enable AMSI, Spyware, Grayware, Intellitrap, Process Memory Scan, and Alert.
Under Inclusions tab, make sure to select All Directories.
Go to the Advanced tab. Follow the settings indicated in the following screenshots:

Manual/scheduled malware scan configuration

On the Deep Security console go to Policies > Malware Scan Configuration > New > Manual Scan Configuration.
Under General tab, name the policy. Follow the settings indicated in the following screenshot:
Under the Inclusions tab, select All Directories.
Go to the Advanced tab. Follow the settings indicated in the following screenshots:

Policy creation

On Deep Security console go to Policies > Duplicate Base Policy.
Right-click the newly created Duplicate then select Details.
Under the Overview tab, name the policy and click Save.
On the left panel go to Anti-Malware > General tab. Apply the policy created earlier with Default unchecked.
Under the Smart Protection tab, make sure Smart Scan is set to On.

Web Reputation Configuration

On the new policy, go to Web-Reputation on the left menu. Under General tab, turn it on then click Save.
Under the Smart Protection tab, follow the settings indicated in the following screenshot:

Agent Self-Protection

From the left menu, select Settings. Under General tab, apply Agent Self Protection by following the settings indicated in the screenshot below, then click Save.

Global Smart Protection Network

From the main console, go to Administration > System Settings > Smart Feedback tab. Follow the settings indicated in the screenshot below, then click Save.

Application Control Configuration

From the left menu, go to Application Control. Set Application Control State to On. Follow the rest of the settings indicated in the screenshot below.

Scheduled Tasks Configuration

Scheduled tasks for Security Updates

From the main console, go to Administration > Scheduled tasks > New > Check for Security Updates then select Daily. Click Next.
Set preferred time and time zone.
Select All Computers.
Name the task and click Finish.

Scheduled tasks for Malware Scan

From the main console, go to Administration > Scheduled Tasks > New > Scan Computers for Malware then select Weekly. Click Next.
Set preferred time, day and time zone. Click Next.
Select All Computers.

Depending on environment size, you may divide the scanning per group.
Name the tasks, and make sure to enable them. Click Finish.

Other Configurations

Firewall & Intrusion Prevention

The configuration of the Firewall and Intrusion Prevention may be complicated due to different environment setup. Please refer to the following articles for more detailed information:

Integrity Monitoring

The detailed configuration of the Integrity Monitoring (IM) is shown in the following articles:

The detailed information on IM events is shown in the article, Integrity monitoring events.

Log Inspection

The detailed information of the Log Inspection (LI) is shown in the article, Set up Log Inspection.

Users could create their own LI rules. The article, Define a Log Inspection rule for use in policies, shows detailed information for creating LI rules,

The detailed information of the LI events is shown in the article, Log inspection events.

Scanning for Recommendations (Task)

From main console, go to Administration > Scheduled tasks > New > Scan Computers for Recommendations then select Weekly. Click Next.
Set preferred time, day and time zone. Click Next.
Set Group depending on your preference.

Depending on environment size, you may divide the scanning per group or per policy.
Name the tasks, and make sure to enable them. Click Finish.

Keywords: Deep Security best practice, Deep Security BPG, Deep Security malware protection, Deep Security malware BPG, Deep Security malware configuration, Deep Security configuration for malware protection

Deep Security Best Practice Guide (BPG) for malware protection

Product / Version includes:

Deep Security12.5 , Deep Security12.0

Last updated: 2021/08/28

Solution ID: KA-0012123

Category: Configure , Remove a Malware / Virus

Summary

Learn about the additional layers of security configuration in Deep Security to protect you from malware infections.

EXPAND ALL

Anti-Malware Configuration

Follow these steps depending on your preferred scan configuration process.

Real-time malware scan configuration

On the Deep Security console go to Policies > Malware Scan Configuration > New > New Real-time Scan Configuration.
Under General tab, name the policy.
1. Enable Document Exploit Protection.
2. Enable Predictive Machine Learning (Set to quarantine).
3. Enable Behavior Monitoring.
4. Enable AMSI, Spyware, Grayware, Intellitrap, Process Memory Scan, and Alert.
Under Inclusions tab, make sure to select All Directories.
Go to the Advanced tab. Follow the settings indicated in the following screenshots:

Manual/scheduled malware scan configuration

On the Deep Security console go to Policies > Malware Scan Configuration > New > Manual Scan Configuration.
Under General tab, name the policy. Follow the settings indicated in the following screenshot:
Under the Inclusions tab, select All Directories.
Go to the Advanced tab. Follow the settings indicated in the following screenshots:

Policy creation

On Deep Security console go to Policies > Duplicate Base Policy.
Right-click the newly created Duplicate then select Details.
Under the Overview tab, name the policy and click Save.
On the left panel go to Anti-Malware > General tab. Apply the policy created earlier with Default unchecked.
Under the Smart Protection tab, make sure Smart Scan is set to On.

Web Reputation Configuration

On the new policy, go to Web-Reputation on the left menu. Under General tab, turn it on then click Save.
Under the Smart Protection tab, follow the settings indicated in the following screenshot:

From the main console, go to Administration > Scheduled tasks > New > Check for Security Updates then select Daily. Click Next.
Set preferred time and time zone.
Select All Computers.
Name the task and click Finish.

Scheduled tasks for Malware Scan

From the main console, go to Administration > Scheduled Tasks > New > Scan Computers for Malware then select Weekly. Click Next.
Set preferred time, day and time zone. Click Next.
Select All Computers.

Depending on environment size, you may divide the scanning per group.
Name the tasks, and make sure to enable them. Click Finish.

Other Configurations

Firewall & Intrusion Prevention

The configuration of the Firewall and Intrusion Prevention may be complicated due to different environment setup. Please refer to the following articles for more detailed information:

Integrity Monitoring

The detailed configuration of the Integrity Monitoring (IM) is shown in the following articles:

The detailed information on IM events is shown in the article, Integrity monitoring events.

Log Inspection

The detailed information of the Log Inspection (LI) is shown in the article, Set up Log Inspection.

Users could create their own LI rules. The article, Define a Log Inspection rule for use in policies, shows detailed information for creating LI rules,

The detailed information of the LI events is shown in the article, Log inspection events.

Scanning for Recommendations (Task)

From main console, go to Administration > Scheduled tasks > New > Scan Computers for Recommendations then select Weekly. Click Next.
Set preferred time, day and time zone. Click Next.
Set Group depending on your preference.

Depending on environment size, you may divide the scanning per group or per policy.
Name the tasks, and make sure to enable them. Click Finish.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Deep Security Best Practice Guide (BPG) for malware protection

Anti-Malware Configuration

Web Reputation Configuration

Agent Self-Protection

Global Smart Protection Network

Application Control Configuration

Scheduled Tasks Configuration

Other Configurations

Deep Security Best Practice Guide (BPG) for malware protection

Product / Version includes:

Summary

Anti-Malware Configuration

Web Reputation Configuration

Agent Self-Protection

Global Smart Protection Network

Application Control Configuration

Scheduled Tasks Configuration

Other Configurations