Malware is a collective name for disruptive software, including viruses, worms, Trojan horses, ransomware, spyware and macro attacks, that gains access to computers and collects information. Some recent malware has been particularly vicious ransomware, which locks systems so that they can only be unlocked by paying.
Fileless attacks are another emerging type of malware attack. Unlike typical malware, a fileless attack, as the name implies, does not need to install software to infect a device. The malware takes advantage of vulnerabilities to exist in RAM, using common system tools to execute an attack. For more information on fileless attacks and how Bitdefender protects against them, see the White Paper, Fileless attacks.
The Anti-Malware module provides a means to detect and defeat these malware threats before they have a chance to inflict damage on devices. AV Defender makes a distinction between an "infected file" and a "suspected file" based on the confidence that it has detected a security threat. The difference between infected and suspected is based on the characteristics of the scanned file and the known security threats contained in the definition files.
The file is considered "infected" if the security scan is able to determine that the file contains a security threat with high confidence. The file is considered "suspected" if the security scan is only able to determine that the file contains a security threat with a low level of confidence.
- Click Configuration > Security Manager > Profiles.
- Click Add, or click on an existing profile to edit.
- Click View Settings beside the Anti-Malware module.
- On the On-access tab, click the Enabled check box to turn on the module.
- Set the Detection Level from the drop-down menu.
Place your cursor over the "i" icon to view the detailed description of what impact these settings have on AV Defender.
- If you select Custom, the remaining options become available to define how AV Defender scans files.
- Click the On-demand tab and configure whether AV Defender scans devices when they are discovered by SolarWinds N-central.
- Click the Quarantine tab and configure what SolarWinds N-central does when it determines that a file is suspicious. For information on quarantined files, see Work with quarantined files.
- Click Save.
If you configured automatic device scans, SolarWinds N-central creates them as scan tasks, and individual scans are reported as new scan task events.
The option Rescan quarantine after malware signature updates enables the Anti-Malware module to scan the quarantined files for false positives following a signature update, and restore them if falsely detected.