Enable and configure Anti-Malware

To use Anti-Malware, you need to perform the following:

  1. Enable the Anti-Malware module.
  2. Select the types of scans to perform.
  3. Configure scan inclusions.
  4. Configure scan exclusions.
  5. Ensure that Workload Security can keep up to date on the latest threats.

When you have completed the preceding steps, review Configure malware scans and refine the Anti-Malware scan behavior.

The majority of the Anti-Malware settings can be configured either for each individual computer or in a policy that applies to multiple computers (for example, to all Windows 2008 Servers), with the latter being easier. For more information, see Policies, inheritance, and overrides.

CPU usage and RAM usage vary by the Anti-Malware configuration. For information on optimizing Anti-Malware performance on the agent, see Performance tips for Anti-Malware.

For additional information, see Protect against malware.

Enable the Anti-Malware module

  1. Go to Policies.
  2. Double-click the policy for which you want to enable Anti-Malware.
  3. Go to Anti-Malware > General.
  4. From Anti-Malware State, select On.
  5. Click Save.

Select the types of scans to perform

After enabling Anti-Malware, configure the types of scans Workload Security will perform, as follows:

  1. Go to Policies.
  2. Double-click the policy to configure.
  3. Click Anti-Malware > General.
  4. Enable or disable each type of scan:
    a. To perform the scan using default settings, select Default.
    b. To perform the scan using a malware scan configuration that you can customize, select a malware scan configuration.
    c. To disable the scan, for the malware scan configuration select No Configuration.
  5. Click Save.

Trend Micro recommends that you configure Workload Security to perform weekly scheduled scans on all protected servers. You can do this using Scheduled Tasks (see Schedule Workload Security to perform tasks).

Configure scan inclusions

To reduce scanning time and minimize the use of computing resources, you can configure Workload Security malware scans to include only specific folders, files, and file types in all types of scans. You can also include process image files in real-time malware scans that are run on Windows computers. For more information, see Specify the files to scan.

All inclusions are specified by selecting inclusion lists (inherited or non-inherited) on the Inclusions tab of the Malware Scan Configuration editor:

  1. Go to Policies.

  2. Double-click the policy for which you want to enable Anti-Malware.

  3. Go to Anti-Malware > Inclusions.

  4. Select the type of scan to which you want to add the inclusions:

    • Real-time
    • Scheduled
    • Manual
  5. To add all of the inherited lists, select Use inherited lists.

  6. To add non-inherited lists, select the lists and click Add.

To create a new list, select New. For details, see Create a list of files for use in policies.

To delete a non-inherited list, select its garbage can icon. To remove inherited lists, you must deselect Use inherited lists.

  7. Select Save.

You can select multiple lists for your inclusions list.

Configure scan exclusions

To reduce scanning time and minimize the use of computing resources, you can configure Workload Security malware scans to exclude specific folders, files, and file types from all types of scans. You can also exclude process image files from real-time malware scans that are run on Windows computers. For more information, see Specify the files to scan.

If any performance-related issues are experienced when Workload Security Anti-Malware protection is enabled, you can use exclusions to help troubleshoot these issues by excluding specific folders or files from scanning.

All exclusions are specified by selecting exclusion lists (inherited or non-inherited) on the Exclusions tab of the Malware Scan Configuration editor:

  1. Go to Policies.

  2. Double-click the policy for which you want to enable Anti-Malware.

  3. Go to Anti-Malware > Exclusions.

  4. Select the type of scan to which you want to add the exclusions:

    • Real-time
    • Scheduled
    • Manual
  5. To add all of the inherited lists, select Use inherited lists.

  6. To add non-inherited lists, select the lists and click Add.

To create a new list, select New. For details, see Create a list of files for use in policies.

To delete a non-inherited list, select its garbage can icon. To remove inherited lists, you must deselect Use inherited lists.

  7. Select Save.

You can select multiple lists for your exclusion list.

Ensure that Workload Security can keep up to date on the latest threats

To remain effective against new viruses and exploits, agents need to be able to download the latest software and security update packages, either from Trend Micro or indirectly, from your own Relay. These packages contain threat definitions and patterns. Relay-enabled agents, organized into relay groups (also managed and configured by Workload Security), retrieve security updates from Trend Micro, and then distribute them to other agents and appliances.

  1. Go to Administration > System Settings > Updates.
  2. Configure Workload Security's ability to retrieve security updates from Trend Micro. Make sure you have at least one relay-enabled agent, and it is assigned to the appropriate agents and appliances.
    To determine if an agent is a relay, next to a computer, click Preview.

  3. Go to Administration > Scheduled Tasks.

  4. Verify that there is a scheduled task to regularly download available updates for both security and software updates.