Malware a collective name for disruptive software that includes viruses, worms, trajan horses, ransomware, spyware and macro attacks, that gains access to computers and collects information. Some malware in recent times, have been very vicious ransomware, locking systems that can only be unlocked by paying to do so.
Another emerging malware attack is fileless attacks. Unlike typical malware, as the name implies, a fileless attack does not need to install software to infect a device. The malware takes advantage of vulnerabilities to exist in RAM, using common system tools to execute an attack. For more information on fileless attacks and how Bitdefender protects against them, see the White Paper, Fileless attacks.
The Anti-Malware module provides a means to detect and defeat these malware threats before they have a chance to inflict damage to devices. AV Defender makes a distinction between an "infected file" and a "suspected file" based on the confidence that it has detected a security threat. The difference between infected and suspected is based on the characteristics of the scanned file and the known security threats contained in the definition files.
The file is considered "infected" if the security scan is able to determine that the file contains a security threat with high confidence. The file is considered "suspected" if the security scan is only able to determine that the file contains a security threat with a low level of confidence.
The Anti-Malware module provides two types of scanning options:
- On-access: On-access scanning prevents new malware threats from entering a device by scanning boot sectors, potentially unwanted applications and local and network files, for example when a user opens, moves or copies a file, as they are accessed.
- On-demand: is a scan that runs automatically on devices. The scanning is performed in the background whether the user is logged in the system or not.
- Click Configuration > Security Manager > Profiles.
- Click Add, or click on an existing profile to edit.
- Click View Settings beside the Anti-Malware module.
- On the On-access tab, click the Enabled check box to turn on the module.
- Set the Detection Level from the drop-down menu.
Place your cursor over the "i" icon next to the drop-down menu to view the detailed description of what impact these settings have on AV Defender.
- If you select Custom, the remaining options become available to define how AV Defender scans files.
- Click the On-demand tab and configure if AV Defender scans a device automatically when they are discovered by N-able N-central.
- Click the Quarantine tab and configure what N-able N-central does when it determines that a file is suspicious. For information on quarantined files, see Work with quarantined files.
- Click Save.
If you configured automatic device scans, these will be created by N-able N-central as scan tasks and individual scans will be reported as new scan task events.
You can also choose to prompt the user before scanning attached drives to alert the user to activity on the drive.
The option Rescan quarantine after malware signature updates enables the Anti-Malware module to scan the quarantine files for false positives following a signature update, and restore them if falsely detected.