1.7 Antimalware

ZENworks Antimalware is a new component of ZENworks Endpoint Security Management under the Security grouping in the ZENworks Control Center. Antimalware is a comprehensive solution that protects managed devices from the latest malware threats. When deployed to devices in your zone, the Antimalware Agent continuously receives malware signature file updates from the Antimalware Cloud Service and uses them to detect malware infections through both on-access and on-demand scans. Infected files are quarantined until they are disinfected.

For more information about the topics in this section, see the following:

1.7.1 Protecting Against Malware - Getting Started page

Security’s Getting Started page includes an additional tabbed page titled “Protecting Against Malware.” You can use this page as a single point of access to configure, deploy, and customize all the features that ZENworks Antimalware has to offer.

1.7.2 Antimalware Update Entitlement

The Antimalware Update Entitlement is required to deploy Antimalware policies to devices. The entitlement is automatically enabled for the evaluation period when activating Endpoint Security Management in Evaluation mode.

1.7.3 Windows Endpoint Security Policies

Four new policies are used to manage Antimalware deployment, customization, and continuity:

Antimalware Enforcement Policy: This is the base policy that installs the Antimalware Agent on managed devices. It must be deployed before any of the other Antimalware policies can be used. It includes configurations for all types of malware scans, including on-access scans and full, quick, external device, and contextual on-demand scans. There are also settings for quarantine behavior and for defining content to exclude from scans.

If the default settings for end user rights and notifications are kept when the policy is deployed, end users have access to the Agent Status Console on their endpoints, which enables them to initiate their own scans, view scan and agent update status, and receive notifications of agent activity controlled by the policy.

Antimalware Scan Exclusions Policy: Antimalware provides both built-in scan exclusions and custom scan exclusions that you can add to any of the Antimalware policies. The Scan Exclusions Policy takes effect through device assignment when other Antimalware policies are also assigned to the same devices, which provides a simpler way to propagate scan exclusions across the zone. Exclusions can be enabled or disabled for specific scan types.

Antimalware Custom Scan Policy: The Custom Scan Policy is used for a more targeted approach to scanning local drives on managed devices, either when a specific threat is suspected or to direct scans at specific locations on those devices. It includes its own schedule rather than using the zone schedule configured for the Antimalware Enforcement Policy.

Antimalware Network Scan Policy: The Network Scan Policy is also used for a more targeted approach, but is used specifically for scanning folders and files on network drives. It also has its own schedule and includes an additional setting for authentication to network locations.

1.7.4 Antimalware Security Dashlets

Four new dashlets, shown on the Security Dashboard by default, are provided to monitor malware threats, malware scans, and malware signature updates.

Device Malware Status: This dashlet displays the malware status for individual devices in the zone, for a selected detection period.

Device Last Malware Scan: This dashlet displays the health of the devices in your zone against malware threats. By default, it displays information about any type of scan that was performed on devices for a specified time period.

Top Malware Threats: This dashlet displays the list of top malware threats in the zone. By default, the top malware threats are displayed based on the number of infected devices.

Device Malware Signature Version: This dashlet displays the list of Malware Signature versions and the Antimalware Agent versions that are installed on devices in the zone.

1.7.5 Device Antimalware Page

This page is a new tab that is available when a device is selected. It provides a snapshot of malware threat status, the scan schedule, and quarantined file information for the selected device. You can also take specific actions on files, kick off scans, and update the Antimalware Agent and Malware Signature versions on the device.

1.7.6 Malware Threat Details Page

This page is accessed by clicking a malware threat link in the Malware Threats section of a device’s Antimalware page. It provides detailed information about the selected threat and details of the devices that have been infected with the threat.

1.7.7 Antimalware Quick Tasks

When one or more devices that have the Antimalware Agent installed are selected in the Devices grouping of the ZENworks Control Center, five new quick tasks are available to run on the selected devices:

  • Initiate a Malware Scan

  • Update Malware Signature

  • Update Antimalware Agent

  • Restore File from Malware Quarantine

  • Delete File from Malware Quarantine

1.7.8 Antimalware zac Commands

Antimalware comes with several new zac commands that are specific to this component. These include commands to initiate malware scans on devices, check the Antimalware Agent malware status, install, update, or remove the agent, and delete files from quarantine, among others.

1.7.9 Antimalware Zone Configuration pages

Three new zone configuration pages are now included in the Security grouping on the main ZENworks configuration page. Each of these pages includes default settings that you can customize. The pages are as follows:

Antimalware Agent Schedules: Configures the schedules for malware scans and malware signature updates. You can override this schedule at the device folder and device level.

Antimalware Agent Notifications: Configures the alerts and notifications that are displayed by the Antimalware agent on managed devices. You can override these settings at the device folder and device level.

Antimalware Configuration: Defines the ZENworks Primary Server to use as the Antimalware server, which must be configured manually before the Antimalware component can be deployed. Also configures the maintenance schedule for the Antimalware Agent.

1.7.10 Ondemand Content Configuration Page

This new zone configuration page is now included in the Bundle, Policy, and Content grouping on the main ZENworks configuration page. It manages the content download rate and content cache size for content distribution in the zone, which currently covers Antimalware signature files and Antimalware Agent updates.

1.7.11 Antimalware Service Status

The Antimalware Service status can now be accessed in the ZCC Diagnostics page.

1.7.12 Antimalware Database

The Antimalware Database is new with ZENworks 2020 Update 2. Its purpose is to provide data for the monitoring capabilities of Antimalware through the device Antimalware page and the Antimalware security dashlets. When configured, this database synchronizes with the ZENworks Database and therefore must be of the same database type (for example, PostgreSQL, Microsoft SQL Server, or Oracle).

The Antimalware Database is configured from the Protecting Against Malware - Getting Started page for Security in the ZENworks Control Center. If the Antimalware Database is to be configured on an external database that does not yet exist, the database can be created with a CLI command using the setup.exe file.