From eScan Wiki
||· eScan · MailScan · Technologies||· Technical Info · Security Awareness · User Guides|
eScan Version 11 (and above) Online Help
File Anti-Virus is a part of the eScan’s Protection feature. This module monitors and safeguards your computer on a real-time basis from all kinds of malicious software as files are accessed, copied, or executed. This module includes the Proactive Scanning feature, which helps you to block applications that perform suspicious activities. File Anti-Virus also includes the Block Files feature. This feature allows you to block or quarantine files from being accessed from local or network drives. In addition, File Anti-Virus also allows you to enable Folder Protection, which prevents users from creating, deleting, or updating files or subfolders within specified folders.
There are four tabs – Objects, Options, Block Files, and Folder Protection, which are as follows:
This tab provides you with a number of settings for fine-tuning the File Anti Virus module as per your requirements. For example, you can configure module to scan specific storage devices or exclude files of a given file type.
- Actions in case of virus detection: This section lists the different actions that File Anti Virus can perform when it detects a virus infection. These actions are Report only, Disinfect, Quarantine, and Delete object. Out of these, the Disinfect option is selected by default. By default, the quarantined files are saved in C:\Program Files\eScan\Infected folder
- Scan local removable disk drives: [Default] You should select this check box if you need to scan all the local removable drives attached to the computer.
- Scan local hard disk drives: [Default] You should select this check box if you need to scan all the local hard drives installed to the computer.
- Scan network drives: [Default] You should select this check box if you need to scan all the network drives, including mapped folders and drives, connected to the computer.
- Scan files of following types: You should select this option if you need to scan all files, only infectable files, and files by extension(Scan by mask). eScan provides you with a list of default files and file types that it scans by extension. You can add more items to this list or remove items as per your requirements by using the Add / Delete option.
- Exclude by mask: [Default] You should select this check box if you need the File Anti Virus monitor to exclude all the objects in the Exclude by mask list during real time monitoring or scanning. You can add or delete a file or a particular file extension by double-clicking the Add / Delete option.
- Not a virus list: [Default] File Anti Virus is capable of detecting riskware. Riskware refers to software that are originally not intended to be malicious but somehow can pose as a security risk to critical operating system functions. You can add the names of riskware, such as remote admin software, to the riskware list in the Not a virus list dialog box by double-clicking the Add / Delete option if you are certain that they are not malicious. The riskware list is empty by default.
- Exclude Files/Folders: [Default] You should select this check box if you want File Anti Virus to exclude all the listed files, folders, and sub folders while it is monitoring or scanning folders. The Files/Folders added to this list will be excluded from the real –time scan as well as on-demand scan.You can add or delete files/folders from the list of by clicking the Add / Delete option.
- Scan compound objects: [Default] You should select this check box if you want eScan to scan archives and packed files during scan operations. By default, Packed is selected.
- Enable code analyser: You should select this check box if you want eScan to scan your computer for suspicious objects or unknown infections by using the heuristic analyzer. When this check box is selected, File Anti Virus not only scans and detects infected objects by using the definitions or updates, but it also checks for suspicious files stored on your computer.
This tab helps you configure the basic settings for the File Anti Virus module, such as the maximum size of log files and the path of the destination folder for storing log files, quarantined objects, and report files.
You can configure the following settings:
- Save report file: [Default] You should select this check box if you need eScan to save the reports generated by the File Anti-Virus module. The report file logs information about the scanned files and the action taken by File Anti Virus when an infected file was found during the scan.
- Show pack info in the report: [Default] You should select this check box if you need File Anti-Virus to add information regarding scanned compressed files, such as .ZIP and .RAR files to the Monvir.log file.
- Show clean object info in the report: You should select this check box if you need File Anti-Virus to add information regarding uninfected files found during a scan operation to the Monvir.log file. You can select this option to find out which files are not infected.
- Limit size to (Kb) (avpM.rpt): Select this check box if you need File Anti-Virus to limit the size of the Monvir.log file and avpM.rpt file. You can double-click the size box and specify the size of the log file.
- Enable Auto backup / Restore: [Default] This check box helps you back up the critical files of the Windows® operating system installed on your computer and then automatically restore the clean files when eScan finds an infection in any of the system files that cannot be disinfected. You can do the following settings:
- Do not backup files above size (KB): [Default] This option helps you prevent File Anti Virus from creating backup of files that are larger than the file size that you have specified.
- Minimum disk space (MB): [Default] eScan Auto-backup will first check for the minimum available space limit defined for a hard disk drive. If the minimum define space is available then only the Auto-backup will function, if not it will stop without notifying. You can allot the Minimum disk space to be checked from this option.
- Limit file size to (KB): [Default] This check box enables you to set a limit size for the objects or files to be scanned. The default value is set to 20480 Kb.
- Enable Proactive Scan: When you select this check box, File Anti Virus monitors your computer for suspicious applications and prompts you to block such applications when they try to execute.
- Use sound effects for the following events: This check box helps you configure eScan to play a sound file and show you the details regarding the infection within a message box when any malicious software is detected by File Anti Virus. However,you need to ensure that the computer’s speakers are switched on.
- Display attention messages: [Default] When this option is selected, eScan displays an alert, which displays the path and name of the infected object and the action taken by the File Anti Virus module.
This tab helps you configure settings for preventing executables and files, such as autorun.inf, on network drives, USB drives, and fixed drives from accessing your computer.
You can configure the following settings:
- Deny access of executables on USB Drives: You should select this check box if you need to prevent executables stored on USB drives from being accessed.
- Deny access of AUTORUN.INF on USB and Fixed Drives: [Default] You should select this check box if you need to prevent executables from USB and fixed drives from being accessed.
- Deny access of executable from Network: You should select this check box if you need to prevent executables on the client computer from being accessed from the network.
- User defined whitelist: This option is effective when the Deny access of executable from Network tab is enabled. You can use this option to enter the folders that need to be whitelisted so that executables can be accessed in the network from the folders mentioned under this list. You need to click the Add button.
- Enter the complete path of the folder to be whitelisted on the client systems. You can either whitelist the parent folder only or select the Include subfolder option for whitelisting the child folders as well.
- Deny Access of following files: [Default] You should select this check box if you need to prevent the files in the list from running on the Client computers.
- Quarantine Access-denied files: You should select this check box if you need to quarantine files that have been Access-denied.
- You can prevent specific files from running on the eScan client computer by adding them to the Block Files list. By default, this list contains the value %sysdir%\\*.EXE@. You need to click the Add Button.
- Enter the full name of the file to be blocked from execution on the client systems.
This tab helps you protect specific folders from being modified or deleted by adding them to the Folder Protection list. It allows you to configure the following setting:
- Protect files in following folders from modification and deletion: [Default] This option is selected by default. You should select this check box if you need the File Anti-Virus module to protect files in specific folders from being modified or deleted on the client systems. You need to click the Add button.
- Enter the complete path of the folder to be protected on the client systems. You can either protect the parent folder only or select the Include subfolder option for protecting the child folders as well.
- Note:- Click the Default button, if you want to apply default settings, which are done during installation of eScan. It loads and resets the values to the default settings.
- Use options present under this tab to restrict or allow remote or local users from modifying Folders, subfolders, Files or Files with certain extensions. eScan allows you to Add/ remove Folders, subfolders, Files or Files with certain extensions to restrict or allow the user to modify them.
- Enable eScan Remote File Rights: Select this check box to allow/ restrict the remote users to make any modifications to the file.
- Do not allow remote users to modify the following local files: The Files added to this list cannot be changes by the remote users.
- Allow modification for following files: The files added to this list can be modified by the remote user.
- Enable eScan local file rights: Select this checkbox to allow / restrict the local users to make any modifications to the file.
- Do not allow local users to modify the following files: the files added to this list cannot be modified by the local users.
- Allow modification for files: The files added to this list can be modified by the local users.
- Add: This will allow you to add the files or the folder path to the list
- Delete: This will remove the selected file or folder and subfolder from the list.
- Remove all: This will remove all the files and folders from the list.