
How to Configure Custom Policies for SonicWall Enforced Client

03/26/2020


    Description

    SonicWall Enforced Kaspersky Client Anti-Virus and Anti-Spyware provides comprehensive end-point protection for desktops and laptops. The automated anti-virus and anti-spyware deployment keeps administrative overhead to a minimum, while also enforcing policy and making sure that each endpoint is protected before connecting. Kaspersky Client Anti-Virus and Anti-Spyware has the following features:

    • Protects desktops and laptops from viruses
    • Automatically updates clients
    • Enforces virus protection
    • Centrally manages reporting
    • Centrally manages policy enforcement
    • Includes on-demand scanning

    This article illustrates how to create Enforced Client AV (ECAV) policies.

    Resolution

    The following steps are involved in creating a new ECAV policy:


    1. Accessing the Enforced Client Anti-Virus Policy & Reporting Server.

    • Log in to the SonicWall Management GUI.
    • Navigate to the Security Services | Client AV Enforcement page.
    • Click on the link under the Kaspersky Client AV Status box.

    Log in using the MySonicWall.com username and password, or using the appliance Authentication Code. On the SonicWall EPRS page, click Policies.



    About the Default Policy

    The Policies page contains a default policy called Default Policy. The Default Policy is configured to be moderately strict, and is suitable for use with most ECAV clients. It cannot be edited or deleted. All clients and client groups are assigned the default policy. To view the Default Policy settings, navigate to the ECAV | Policies page and click the View icon under Configure in the Default Policy row.


    The Edit Policy window opens. The General tab displays the Name and Comment fields for the Default Policy.


    On the Kaspersky AV tab, under Agent Version Settings, the Agent Version is set to Stable Release. The Default Policy does not use the Latest Release or any particular release.


    Under Scans, four different Scans are configured for the Default Policy:

    • OnAccess: These scan settings include configuration for the File Monitor, Web Monitor and Mail Monitor. These monitors are used for real-time scanning. Scan settings, inclusions, exclusions, and trusted processes are configured.
    • Manual: These scan settings are used when the client specifically requests a scan, and include configuration to scan containers within one level of compression, and for a set period of time. Manual scan also scans mail messages and databases, and packed files. Scan settings, exclusions, and critical areas are configured.
    • Scheduled File: A scheduled file scan for all fixed drives on the client machine that runs a single time at 12:00 midnight after the policy is applied to the client.
    • Scheduled Critical Areas: A scheduled file scan for critical areas on the client file system that runs once a day at 11:00 PM.

    Default OnAccess Scan Settings

    Settings Tab

    On the Settings tab, the File Scan Settings are shown.



    For the Default Policy, the File Scan Settings are set as follows:

    • Heuristics Level: The Heuristics Level is set to Low. The advanced heuristic code analyzer is on, and the scanning level will be shallow. This setting is appropriate for both on-demand scanning and Real Time monitoring.
    • Cleaning Mode: Currently, Clean and Delete is the only option for handling detected threats.
    • Working Mode: The Working Mode is set to Smart. In this mode, file access attempts are intercepted by using a special "smart" algorithm that guarantees a reasonable security level, but does not significantly affect the system performance.
    • Scan Within Containers: This checkbox is not selected, meaning that no scanning of the contents of container files, such as ZIP or CAB files, is performed. The Max Archive File Size is not used in this mode.
    • Timeout: The maximum number of seconds that a file will be scanned is set to 3 seconds.

    Exclusions Tab

    On the Exclusions tab, filters are configured to exclude .txt and .log files from scanning.

    Inclusions Tab

    On the Inclusions tab, no filters are configured to include certain files or folders when scanning.

    Processes Tab

    On the Processes tab, no applications are configured as trusted applications with defined behaviors.

    Default Manual Scan Settings

    Settings Tab

    On the Settings tab of the Manual Scan Settings window, the File Scan Settings are shown.

    For the Default Policy, the File Scan Settings for Manual Scan are set as follows:

    • Heuristics Level: The Heuristics Level is set to Medium. The advanced heuristic code analyzer is on, with medium scanning level. For a manual scan that only occurs when requested by the user, the Medium setting is fine and will not impact system performance.
    • Cleaning Mode: Currently, Clean and Delete is the only option for handling detected threats.
    • Scan Within Containers: This checkbox is selected to open and scan the contents of container files, such as ZIP or CAB files. The Max Container Scan Depth is set to 1, indicating that only the first level of container will be scanned, and no containers within the container are scanned.
    • Timeout: The maximum number of seconds that a file will be scanned is set to 300 seconds.
    • Scan Mail Messages: This checkbox is selected to scan email messages.
    • Scan Mail Databases: This checkbox is selected to scan email databases.

    Exclusions Tab

    On the Exclusions tab, no filters are configured to exclude any files from scanning.

    Critical Areas Tab

    The Critical Areas Settings are the same as the File Scan Settings on the Settings tab, and, in the Default Policy, are configured with the same values.

    Default Scheduled File Scan Settings

    Settings Tab

    On the Settings tab of the Scheduled Scan Settings window for the File scan type, the File Scan Settings are shown.

    For the Default Policy, the File Scan Settings for Scheduled File Scan are set as follows:

    • Heuristics Level: The Heuristics Level is set to Medium. The advanced heuristic code analyzer is on, with medium scanning level. For a manual scan that only occurs when requested by the user, the Medium setting is fine and will not impact system performance.
    • Cleaning Mode: Currently, Clean and Delete is the only option for handling detected threats.
    • Scan Within Containers: This checkbox is selected to open and scan the contents of container files, such as ZIP or CAB files. The Max Container Scan Depth is set to 1, indicating that only the first level of container will be scanned, and no containers within the container are scanned.
    • Timeout: The maximum number of seconds that a file will be scanned is set to 300 seconds.
    • Scan Mail Messages: This checkbox is selected to scan email messages.
    • Scan Mail Databases: This checkbox is not selected, so no email databases will be scanned.

    Exclusions Tab

    On the Exclusions tab, filters are configured to exclude .txt and .log files from scanning.


    Inclusions Tab

    On the Inclusions tab, a filter for All fixed disks is configured to include all hard drives on the computer for scanning. Because an inclusion filter is specified, only the items defined by the inclusion file filters are scanned and everything else is excluded.



    Schedule Tab

    On the Schedule tab, a time based schedule is configured for the scan.


    This fixed disk scan is configured to run once, at midnight on January 1st.

    Default Scheduled Critical Areas Scan Settings

    Critical Areas Tab

    On the Critical Areas tab of the Scheduled Scan Settings window for the Critical Areas scan type, the Critical Areas Settings are shown.



    For the Default Policy, the Critical Areas Settings are set as follows:

    • Heuristics Level: The Heuristics Level is set to Medium. The advanced heuristic code analyzer is on, with medium scanning level. For a manual scan that only occurs when requested by the user, the Medium setting is fine and will not impact system performance.
    • Cleaning Mode: Currently, Clean and Delete is the only option for handling detected threats.
    • Scan Within Containers: This checkbox is selected to open and scan the contents of container files, such as ZIP or CAB files. The Max Container Scan Depth is set to 1, indicating that only the first level of container will be scanned, and no containers within the container are scanned.
    • Boot Sector: This checkbox is selected to scan the boot sector of the hard disk.
    • System Memory: This checkbox is selected to scan system memory.
    • Startup Objects: This checkbox is selected to scan files that run at system startup. If selected, you can select Qscan.
    • Scan Mail Messages: This checkbox is selected to scan email messages.
    • Scan Mail Databases: This checkbox is not selected, so no email databases will be scanned.

    Schedule Tab

    On the Schedule tab, a time based schedule is configured for the Critical Areas scheduled scan.


    This critical areas scan is configured to run Daily, at 11:00 PM.


    Adding a New Policy

    A new policy can be created either by clicking Add New Policy or by cloning the default policy. To clone, click the Clone button at the far end of the Default Policy row.


    With either method, the Add Policy window pops up with General and Kaspersky AV tabs.

    General tab

    Name: Enter a name for the policy.
    Comment: Descriptive information about the policy.


    Kaspersky AV tab

    Agent Version: Stable Release
    OnAccess: Pre-installed scan type that always monitors the system in the background for malware. Cannot be deleted.
    Manual: Pre-installed scan type that scans files, folders and removable disks when prompted to do so. Cannot be deleted.
    Add New Scheduled Scan: User-created scan type that scans the system at a scheduled time.



    2. OnAccess Scan

    • Comment: Descriptive information.
    • Disable: Disables OnAccess Scan
    • Settings
    • Exclusions
    • Inclusions
    • Processes

    Settings

    • Heuristic Level: Off / Low / Medium / High. Default = Medium
    • Cleaning Mode: Clean and Delete.
    • Working Mode: Smart / File Open / File Execute / Both File Read and Write. Default = Smart
    • Scan Within Containers: Contents of ZIP / CAB etc will be opened and scanned. Default = Unchecked.
    • Max Archive File Size: Applicable if above is checked. Default is 8 MB. 0 means no maximum size.
    • Timeout: Default = 3 Seconds. 0 = No timeout.

    Exclusions

    Select Type: File / Folder

    Location:
    • Custom Path
    • Fixed and removable Disks
    • All fixed disks
    • All removable disks
    • OS installed drive
    • Documents and Settings folder
    • Program Files folder
    • Windows directory
    • Windows system directory
    Extension List: List of extensions that will be matched when searching for files to filter. Do not precede the extension with "." or "*." Wildcards are permitted at the end of an extension such as DOC XL* PPT.
     

    Inclusions

    Location:
    • Custom Path
    • Fixed and removable Disks
    • All fixed disks
    • All removable disks
    • OS installed drive
    • Documents and Settings folder
    • Program Files folder
    • Windows directory
    • Windows system directory
    Extension List: List of extensions that will be matched when searching for files to filter. Do not precede the extension with "." or "*." Wildcards are permitted at the end of an extension such as DOC XL* PPT.
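    The filter rules described in this article (extension lists written without a leading "." or "*.", wildcards only at the end, and an inclusion filter limiting the scan to what it names) can be modelled to check which files a policy leaves unscanned. This is an added example, not SonicWall or Kaspersky code; the function names, case-insensitive matching, exclusions taking precedence over inclusions, an empty extension list meaning "any file", and the sample paths are assumptions.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath


def parse_extension_list(text):
    """Parse a space-separated Extension List such as 'DOC XL* PPT'.

    Rejects entries starting with '.' or '*.' and wildcards that are not
    at the end of an entry, following the rule stated in the article.
    """
    patterns = []
    for token in text.split():
        if token.startswith(".") or token.startswith("*."):
            raise ValueError(f"do not prefix extensions with '.' or '*.': {token!r}")
        if "*" in token[:-1]:
            raise ValueError(f"wildcard only allowed at the end: {token!r}")
        patterns.append(token.lower())  # assumption: matching ignores case
    return patterns


def extension_matches(filename, patterns):
    """True if the file's extension matches any pattern (trailing '*' = prefix)."""
    ext = PureWindowsPath(filename).suffix.lstrip(".").lower()
    for pattern in patterns:
        if pattern.endswith("*"):
            if ext.startswith(pattern[:-1]):
                return True
        elif ext == pattern:
            return True
    return False


@dataclass
class FileFilter:
    extensions: list      # output of parse_extension_list; empty = any file (assumption)
    location: str = ""    # Custom Path prefix; empty = any location (assumption)

    def matches(self, path):
        p = PureWindowsPath(path)
        if self.location:
            try:
                p.relative_to(PureWindowsPath(self.location))
            except ValueError:
                return False
        return not self.extensions or extension_matches(p.name, self.extensions)


def is_scanned(path, inclusions, exclusions):
    # With any inclusion filter present, only included items are scanned.
    if inclusions and not any(f.matches(path) for f in inclusions):
        return False
    # Assumption: an exclusion overrides an inclusion for the same file.
    return not any(f.matches(path) for f in exclusions)


def unscanned(paths, inclusions, exclusions):
    """Return the paths this policy would leave unscanned, in input order."""
    return [p for p in paths if not is_scanned(p, inclusions, exclusions)]


# Constructed model of the Default Policy's scheduled file scan:
# .txt/.log excluded, one fixed disk (C:) standing in for "All fixed disks".
EXCLUSIONS = [FileFilter(parse_extension_list("TXT LOG"))]
INCLUSIONS = [FileFilter([], location="C:\\")]
SAMPLE_PATHS = [  # constructed sample paths
    r"C:\Users\alice\notes.txt",
    r"C:\Users\alice\report.xlsx",
    r"C:\Temp\install.LOG",
    r"E:\autorun.inf",
]

if __name__ == "__main__":
    for path in unscanned(SAMPLE_PATHS, INCLUSIONS, EXCLUSIONS):
        print("not scanned:", path)
```

    Running the model over a file inventory before deploying a custom policy shows which file types and drives the exclusion and inclusion filters leave outside the scan.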

     


    Processes

    Process Location:

    Allow to Open Files:
    Analyze Behavior:
    Allow Registry Use:
    Allow Network Use:
    SSL Only:
                                           

    Manual scan

    • Comment: Descriptive information.
    • Settings
    • Exclusions
    • Critical Areas

    Settings

    • Heuristic Level: Off / Low / Medium / High. Default = Medium
    • Cleaning Mode: Clean and Delete.
    • Scan Within Containers: Contents of ZIP / CAB etc will be opened and scanned. Default = checked.
    • Max Container Scan Depth: Max level of containers within containers. For example, ZIP inside of a RAR inside of a TAR. Can be set from 1 to 10. 0 = No depth. Default = 1.
    • Timeout: Default = 300 Seconds. 0 = No timeout.
    • Scan Mail Messages:
    • Scan Mail Databases:


    Exclusions

    Select Type: File / Folder

    Location:

    • Custom Path
    • Fixed and removable Disks
    • All fixed disks
    • All removable disks
    • OS installed drive
    • Documents and Settings folder
    • Program Files folder
    • Windows directory
    • Windows system directory
    Extension List: List of extensions that will be matched when searching for files to filter. Do not precede the extension with "." or "*." Wildcards are permitted at the end of an extension such as DOC XL* PPT.


    Critical Areas

    • Heuristic Level: Off / Low / Medium / High. Default = Medium
    • Cleaning Mode: Clean and Delete.
    • Scan Within Containers: Contents of ZIP / CAB etc will be opened and scanned. Default = checked.
    • Max Container Scan Depth: Max level of containers within containers. For example, ZIP inside of a RAR inside of a TAR. Can be set from 1 to 10. 0 = No depth. Default = 1.
    • Timeout: Default = 300 Seconds. 0 = No timeout.
    • Scan Mail Messages:     
    • Scan Mail Databases:

    Add New Scheduled Scan



    Comment: Descriptive information.
    Scheduled Scan Type:  File / Critical Areas. Default = File

    • Settings
    • Exclusions
    • Inclusions
    • Schedule

    Settings

    • Heuristic Level: Off / Low / Medium / High. Default = Medium
    • Cleaning Mode: Clean and Delete.
    • Scan Within Containers: Contents of ZIP / CAB etc will be opened and scanned. Default = checked.
    • Max Container Scan Depth: Max level of containers within containers. For example, ZIP inside of a RAR inside of a TAR. Can be set from 1 to 10. 0 = No depth. Default = 1.
    • Timeout: Default = 300 Seconds. 0 = No timeout.
    • Scan Mail Messages:
    • Scan Mail Databases:


    Exclusions

    Exclusion File Filter Settings

    Select Type:  File / Folder

    Location:
    • Custom Path
    • Fixed and removable Disks
    • All fixed disks
    • All removable disks
    • OS installed drive
    • Documents and Settings folder
    • Program Files folder
    • Windows directory
    • Windows system directory
    Extension List: List of extensions that will be matched when searching for files to filter. Do not precede the extension with "." or "*." Wildcards are permitted at the end of an extension such as DOC XL* PPT.


    Inclusions

    Select Type: File / Folder

    Location:

    • Custom Path
    • Fixed and removable Disks
    • All fixed disks
    • All removable disks
    • OS installed drive
    • Documents and Settings folder
    • Program Files folder
    • Windows directory
    • Windows system directory
    Extension List: List of extensions that will be matched when searching for files to filter. Do not precede the extension with "." or "*." Wildcards are permitted at the end of an extension such as DOC XL* PPT.

     
