Policies define how OneView behaves when running a scheduled or on-demand Threat scan. Policies are applied at the site and group level in OneView, and all endpoints in a group use the same policy.
Configure scans
- On the left navigation menu, click Configure > Policies.
- Click the + icon or select an existing policy.
- Select the Scan settings tab to see the specific settings available for each operating system.
For the default settings, see ThreatDown recommended policy for OneView.
Threat Scans
Threat Scans are more thorough than a quick Hyper Scan. Threat Scans have the following options:
- Scan the contents of compressed folders (e.g. .zip, .rar. etc.): The scan checks inside of compressed files.
- Detect signature-less anomalous files: The scan looks at file behavior in addition to scanning files using known threat information.
-
Scan for rootkits on the endpoints: Scans the system kernel, firmware, and memory for rootkits. This may increase the time required to complete a scan and impact performance as it takes longer to read the disk in order to avoid interference from rootkits.
Note: Not available on Windows endpoints running an Advanced RISC Machine (ARM) processor.
Threat Scans, Hyper Scans, and Real-Time Protection
These options apply to Threat Scans, Hyper Scans, and Real-Time Protection:
- Treat potentially unwanted programs (PUPs) as malware (recommended): Specifies if Potentially Unwanted Programs are treated as malware or ignored.
- Treat potentially unwanted modifications (PUMs) as malware (recommended): Specifies if Potentially Unwanted Modifications are treated as malware or ignored. Applies to Windows endpoints only.
Mobile devices only
These options apply to scans on Android and ChromeOS devices. The options are as follows:
- Use deep scanner during a full scan: Scan the entire mobile device for threats. Enabling this setting impacts scan duration.
- User power saver during scans: Minimize background activity on the device while scans are running.
- Perform scans only while charging: Only allow scans to run while the mobile device is charging.
- Scan automatically after reboot: Automatically run a scan after a reboot.
- Scan automatically after update: Automatically run a scan after a protection update.
Additional scan options
Additional scan options to determine the endpoint system priority for scans and CPU usage of scans.
Options in this section are as follows:
-
Select how endpoints should prioritize scans vs system performance: Enables manual priority selection for scheduled scans.
- Low priority: Scans require more time to complete but have a lesser performance impact.
- High priority: Allows scans to run faster but may affect endpoint system performance.
-
Select maximum allocation of CPU resources for scans: Controls the maximum processing power used during a manual or scheduled system scan on Mac endpoints. Select from the following options:
- Low (Default) - Uses approximately 25% of a single CPU core for the slowest scan.
- Medium - Uses approximately 50% of a single CPU core for a slower scan.
- High - Uses up to 100% of a single CPU core for faster scans.