Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Endpoint Standard: How To Configure Local AV Scan

Endpoint Standard: How To Configure Local AV Scan

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
  • Carbon Black Cloud Sensor: 2.0.x.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

How to set up the Local Scan feature of Endpoint Standard


Resolution

1. Log in to Carbon Black Cloud Console then navigate to Enforce-> Policy page.
2. Select the policy that corresponds to the group of machines to configure the Local Scan. 
3. Click on the Local Scan tab
4. With the correct policy selected, click on the "Scanner Config" drop-down to select one of these options:
  • Disabled - Turns the local AV Scan off for machines in the selected policy. If your organization uses a different Antivirus engine, this may be the best option for your organization.
  • Normal - Scans any new files when they execute for the first time. Old files that already existed on the machine before the sensor was installed will not be scanned. This is the default setting.
  • Aggressive - Scans all files when they execute for the first time.
5. Click on the "Save Settings" button to save your changes.
 

Additional Notes

  • Local Scan Settings are not supported by the Linux or macOS Sensor (any version) or Windows Sensor versions prior to 2.0.x.x
  • Files will be assigned a reputation based on the scan outcome. If the scan identifies a malicious file, it will be flagged.
  • Other configuration options within the "Local Scan Settings" tab are related to downloading the latest virus definitions. See Cb Defense: How to Download the AV Signature Pack and Configure Updates for Local Scan

Related Content


Was this article helpful? Yes No
100% helpful (4/4)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
7908
Contributors