Enabling threat detection in Symantec Protection Engine
This topic explains the options that are configured using the Core server with user interface mode. to work with the Core server only mode.
Symantec Protection Engine can detect viral and non-viral threats, such as viruses, Trojan horses, worms, and security risks in all major file types. For example, Windows, DOS, Microsoft Word, and Microsoft Excel files. To detect threats, you must enable the threat detection capability in the Symantec Protection Engine console.
Symantec Protection Engine uses Bloodhound heuristic technology to detect new and unknown threats. You can customize Bloodhound Detection from zero protection to a high level of protection. However, a high level of protection increases protection of your network but it decreases the server performance. At low levels of protection, server performance is unaffected but an unknown threat might escape detection. In most cases, the default setting (medium) is appropriate. Symantec Protection Engine also gives you an option to quarantine threats. You can quarantine threats if you have configured quarantine server in Symantec Protection Engine.
You must have a valid antivirus scanning license to scan for threats and a valid content license to update virus definitions. If you upgrade from a previous version and your licenses are current, Symantec Protection Engine automatically recognizes these licenses.
To enable threat detection in Symantec Protection Engine
In the console on the primary navigation bar, click Policies.
In the sidebar under Views, click Scanning.
In the content area under Antivirus Scanning, select the Enable virus scanning check box.
In the Bloodhound detection level drop-down list, select the appropriate Bloodhound Detection level as follows:
Disables antivirus scanning.
Optimizes the server performance, but might not detect potential threats.
Provides a balance between threat detection and server performance.
By default, medium level is selected in Symantec Protection Engine.
Increases the detection of threats, but might affect the server performance.
In the Scan policy list, select how you want Symantec Protection Engine to handle infected files. The options are as follows:
Denies the access to the infected file but does nothing to the infected file.
Scan and delete
Deletes all infected files without trying to repair them, including the files that are embedded in archive files.
Scan and repair files
Tries to repair infected files but does nothing to the files that cannot be repaired. Security risks cannot be repaired.
Scan and repair or delete
Tries to repair infected files and deletes any unrepairable files from archive files. Security risks cannot be repaired.
This is the default setting.
Under Quarantine, select the Quarantine Threats check box.
The Quarantine Threats option is available only if Enable virus scanning is enabled and quarantine server is configured in Symantec Protection Engine.
On the toolbar, select one of the following options:
Saves your changes.
Use this option to continue making changes in the console until you are ready to apply them.
Applies your changes.
Your changes are not implemented until you apply them.