Policies define how OneView behaves when running a scheduled or on-demand Threat scan. Policies are applied at the site and group level in OneView, and all endpoints in a group use the same policy.
Configure scans
- On the left navigation menu, click Configure > Policies.
- Click the + icon or select an existing policy.
- Select the Scan settings tab to see the specific settings available for each operating system.
For the default settings, see ThreatDown recommended policy for OneView.
Threat Scans
Threat Scans are more thorough than a quick Hyper Scan. Threat Scans have the following options:
- Scan the contents of compressed folders (e.g. .zip, .rar. etc.): The scan checks inside of compressed files.
-
Scan for rootkits on the endpoints: Scans the system kernel, firmware, and memory for rootkits. This may increase the time required to complete a scan and impact performance as it takes longer to read the disk in order to avoid interference from rootkits.
Note: Not available on Windows endpoints running an Advanced RISC Machine (ARM) processor.
Threat Scans, Hyper Scans, and Real-Time Protection
These options apply to Threat Scans, Hyper Scans, and Real-Time Protection:
- Treat potentially unwanted programs (PUPs) as malware (recommended): Specifies if Potentially Unwanted Programs are treated as malware or ignored.
- Treat potentially unwanted modifications (PUMs) as malware (recommended): Specifies if Potentially Unwanted Modifications are treated as malware or ignored. Applies to Windows endpoints only.
- Detect signature-less anomalous files: The scan looks at file behavior in addition to scanning files using known threat information.
-
Detect malware with AI algorithms: Detect malware with AI algorithms. These detections appear as Malware.AI in the console. Enabling this setting on macOS detects Windows malware on Macs.
- Detect and Report only: Identifies and detects malware with AI algorithms but does not block or quarantine it. Use if you are experiencing a large number of false positives with the Malware.AI detection.
Mobile devices only
These options apply to scans on Android and ChromeOS devices. The options are as follows:
- Use deep scanner during a full scan: Scan the entire mobile device for threats. Enabling this setting impacts scan duration.
- Use power saver during scans: Minimize background activity on the device while scans are running.
- Perform scans only while charging: Only allow scans to run while the mobile device is charging.
- Scan automatically after reboot: Automatically run a scan after a reboot.
- Scan automatically after update: Automatically run a scan after a protection update.
Additional scan options
Additional scan options to determine the endpoint system priority for scans and CPU usage of scans.
Options in this section are as follows:
-
Select how endpoints should prioritize scans vs system performance: Enables manual priority selection for scheduled scans.
- Low priority: Scans require more time to complete but have a lesser performance impact.
- High priority: Allows scans to run faster but may affect endpoint system performance.
- Smart priority: Recommended. Scans at high priority when the system is idle. Otherwise, scans at Low Priority.
-
Select maximum allocation of CPU resources for scans: Controls the maximum processing power used during a manual or scheduled system scan on Mac endpoints. Select from the following options:
- Low (Default) - Uses approximately 25% of a single CPU core for the slowest scan.
- Medium - Uses approximately 50% of a single CPU core for a slower scan.
- High - Uses up to 100% of a single CPU core for faster scans.
Quarantine Management
Automatically delete quarantined items older than a specified number of days. This helps keep the Quarantined Detections page free of outdated entries on Windows endpoints. Select between 30, 45, 90, 180, or 365 days.