- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
How to Configure Custom Policies for SonicWall Enforced Client
03/26/2020 
12 People found this article helpful
195,269 Views
Description
SonicWall Enforced Kaspersky Client Anti-Virus and Anti-Spyware provides comprehensive end-point protection for desktops and laptops. The automated anti-virus and anti-spyware deployment keeps administrative overhead to a minimum, while also enforcing policy and making sure that each endpoint is protected before connecting. Kaspersky Client Anti-Virus and Anti-Spyware has the following features:
- Protects Desktops/Laptops from viruses.
- Automatically updates clients
- Enforces virus protection
- Centrally manages reporting
- Central manages policy-enforcement.
- Includes on-demand scanning
This article illustrates how to create Enforced Client AV (ECAV) policies.
Resolution
The following steps are involved in creating a new ECAV policy:
1. Accessing the Enforced Client Anti-Virus Policy & Reporting Server.
- Login the SonicWall Management GUI.
- Navigate to the Security Services | Client AV Enforcement page.
- Click on the link under the Kaspersky Client AV Status box.
Login using the MySonicWall.com username and password or using the appliance Authentication Code. In the SonicWall EPRS page, click on Policies.
About the Default Policy
The Policies page contains a default policy called Default Policy. The Default Policy is configured to be moderately strict, and is suitable for use with most ECAV clients. It cannot be edited or deleted. All clients and client groups are assigned the default policy. To view the Default Policy settings, navigate to the ECAV | Policies page and click the View icon under Configure in the Default Policy row.
The Edit Policy window opens. The General tab displays the Name and Comment fields for the Default Policy.
On the Kaspersky AV tab, under Agent Version Settings, the Agent Version is set to Stable Release. The Default Policy does not use the Latest Release or any particular release.
Under Scans, four different Scans are configured for the Default Policy:
- OnAccess These scan settings include configuration for the File Monitor, Web Monitor and Mail Monitor. These monitors are used for real time scanning. Scan settings, inclusions, exclusions, and trusted processes are configured.
- Manual These scan settings are used when the client specifically requests a scan, and includes configuration to scan containers within one level of compression, and for a set period of time. Manual scan also scans mail messages and databases, and packed files. Scan settings, exclusions, and critical areas are configured.
- Scheduled File A scheduled file scan for all fixed drives on the client machine that runs a single time at 12:00 midnight after the policy is applied to the client.
- Scheduled Critical Areas A scheduled file scan for critical areas on the client file system that runs once a day at 11:00 PM.
Default OnAccess Scan Settings
Settings Tab
On the Settings tab, the File Scan Settings are shown.
For the Default Policy, the File Scan Settings are set as follows:
- Heuristics Level The Heuristics Level is set to Low. The advanced heuristic code analyzer is on, and the scanning level will be shallow. This setting is appropriate for both on-demand scanning and Real Time monitoring.
- Cleaning Mode Currently, Clean and Delete is the only option for handling detected threats.
- Working Mode The Working Mode is set to Smart. In this mode, file access attempts are intercepted by using a special "smart" algorithm that guarantees a reasonable security level, but does not significantly affect the system performance.
- Scan Within Containers This checkbox is not selected, meaning that no scanning of the contents of container files, such as ZIP or CAB files, is performed. The Max Archive File Size is not used in this mode.
- Timeout The maximum number of seconds that a file will be scanned is set to 3 seconds.
Exclusions Tab
On the Exclusions tab, filters are configured to exclude .txt and .log files from scanning.
Inclusions Tab
On the Inclusions tab, no filters are configured to include certain files or folders when scanning.
Processes Tab
On the Processes tab, no applications are configured as trusted applications with defined behaviors.
Default Manual Scan Settings
Settings Tab
On the Settings tab of the Manual Scan Settings window, the File Scan Settings are shown.
For the Default Policy, the File Scan Settings for Manual Scan are set as follows:
- Heuristics Level The Heuristics Level is set to Medium. The advanced heuristic code analyzer is on, with medium scanning level. For a manual scan that only occurs when requested by the user, the Medium setting is fine and will not impact system performance.
- Cleaning Mode Currently, Clean and Delete is the only option for handling detected threats.
- Scan Within Containers This checkbox is selected to open and scan the contents of container files, such as ZIP or CAB files. The Max Container Scan Depth is set to 1, indicating that only the first level of container will be scanned, and no containers within the container are scanned.
- Timeout The maximum number of seconds that a file will be scanned is set to 300 seconds.
- Scan Mail Messages This checkbox is selected to scan email messages.
- Scan Mail Databases This checkbox is selected to scan email databases.
Exclusions Tab
On the Exclusions tab, no filters are configured to exclude any files from scanning.
Critical Areas Tab
The Critical Areas Settings are the same as the File Scan Settings on the Settings tab, and, in the Default Policy, are configured with the same values.
Default Scheduled File Scan Settings
Settings Tab
On the Settings tab of the Scheduled Scan Settings window for the File scan type, the File Scan Settings are shown.
For the Default Policy, the File Scan Settings for Scheduled File Scan are set as follows:
- Heuristics Level The Heuristics Level is set to Medium. The advanced heuristic code analyzer is on, with medium scanning level. For a manual scan that only occurs when requested by the user, the Medium setting is fine and will not impact system performance.
- Cleaning Mode Currently, Clean and Delete is the only option for handling detected threats.
- Scan Within Containers This checkbox is selected to open and scan the contents of container files, such as ZIP or CAB files. The Max Container Scan Depth is set to 1, indicating that only the first level of container will be scanned, and no containers within the container are scanned.
- Timeout The maximum number of seconds that a file will be scanned is set to 300 seconds.
- Scan Mail Messages This checkbox is selected to scan email messages.
- Scan Mail Databases This checkbox is not selected, so no email databases will be scanned.
Exclusions Tab
On the Exclusions tab, filters are configured to exclude .txt and .log files from scanning.
Inclusions Tab
On the Inclusions tab, a filter for All fixed disks is configured to include all hard drives on the computer for scanning. Because an inclusion filter is specified, only the items defined by the inclusion file filters are scanned and everything else is excluded.
Schedule Tab
On the Schedule tab, a time based schedule is configured for the scan.
This fixed disk scan is configured to run once, at midnight on January 1st.
Default Scheduled Critical Areas Scan Settings
Critical Areas Tab
On the Critical Areas tab of the Scheduled Scan Settings window for the Critical Areas scan type, the Critical Areas Settings are shown.
For the Default Policy, the Critical Areas Settings are set as follows:
- Heuristics Level The Heuristics Level is set to Medium. The advanced heuristic code analyzer is on, with medium scanning level. For a manual scan that only occurs when requested by the user, the Medium setting is fine and will not impact system performance.
- Cleaning Mode Currently, Clean and Delete is the only option for handling detected threats.
- Scan Within Containers This checkbox is selected to open and scan the contents of container files, such as ZIP or CAB files. The Max Container Scan Depth is set to 1, indicating that only the first level of container will be scanned, and no containers within the container are scanned.
- Boot Sector This checkbox is selected to scan the boot sector of the hard disk.
- System Memory This checkbox is selected to scan system memory.
- Startup Objects This checkbox is selected to scan files that run at system startup. If selected, you can select Qscan.
- Scan Mail Messages This checkbox is selected to scan email messages.
- Scan Mail Databases This checkbox is not selected, so no email databases will be scanned.
Schedule Tab
On the Schedule tab, a time based schedule is configured for the Critical Areas scheduled scan.
This critical areas scan is configured to run Daily, at 11:00 PM.
Adding a New Policy
A new policy can be created by either clicking on Add New Policy or cloning the default policy. To clone, click on the Clone button at the far end of the default policy.
In either method, the Add Policy window will pop-up with General and Kaspersky AV tabs.
General tab
Name: Enter a name for the policy.
Comment: Descriptive information about the policy.
Kaspersky AV tab
Agent Version: Stable Release
OnAccess: Pre-installed scan type to always monitor the system in the background for malware. Cannot be deleted
Manual: Pre-installed scan type to scan files, folders and removable disks when prompted to do so. Cannot be deleted
Add New Scheduled Scan: User created scan type to scan the system at a scheduled time.
- Comment: Descriptive information.
- Disable: Disables OnAccess Scan
- Settings
- Exclusions
- Inclusions
- Processes
 |
|
 | Select Type: File / Folder Location:
|
 | Location:
|
 | Process Location: Allow to Open Files: Analyze Behavior: Allow Registry Use: Allow Network Use: SSL Only: |
- Comment: Descriptive information.
- Settings
- Exclusions
- Critical Areas
 |
|
 | Select Type: File / Folder Location:
|
 |
|
Comment: Descriptive information.
Scheduled Scan Type: File / Critical Areas. Default = File
- Settings
- Exclusions
- Inclusions
- Schedule
 |
|
 | Exclusion File Filter Settings Select Type: File / Folder Location:
|
 | Select Type: File / Folder Location:
|
Related Articles
- How to Setup the SonicWave 600 series
- Identical Access Rules for different users/user groups
- Advanced Network Security eLearning Training Course
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO