When you set up on-access scanning in your Anti-Virus policy, the Endpoint Security and Control on-access scanner monitors your system for:
- potentially unwanted applications (off by default)
- suspicious files (off by default)
- suspicious behavior (alert only by default)
- buffer overflows (alert only by default)
- malicious web content (alert only by default)
When it detects any of these items, it will block the suspicious item's access to the system until you authorize it or clean it up.
For more information...
To learn more about the different types of detections, please see the following documentation:
- Host Intrusion Prevention System describes our suspicious file, suspicious behavior, and buffer overflow prevention functionality in much more detail.
- Overview of Potentially unwanted applications explains how we detect spyware, adware and other applications that may have a legitimate use on your network.
- Web content filtering describes how the on-access scanner checks websites for malicious scripts and other objects before loading them in your end users' web browsers.
- Contextual detections explains how we analyze the system to ensure that we detect all malicious behavior. This is a regular feature of our on-access anti-virus scanning.
How to deploy and configure customized on-access scan settings
Use the Policy Setup Guide to understand the procedure for setting up the on-access settings in your anti-virus policies.
Use the Guide to On-Access Settings to understand how each setting works and whether you need to apply it in your environment.