Configuring vGW Series AntiVirus On-Access Scanning

This topic explains how to configure the vGW AntiVirus On-Access scanner using the vGW AntiVirus module of the vGW Security Design VM. If On-Access scanning is configured, whenever a file is accessed or one is sent, the vGW AntiVirus intercedes and checks the file against the signature database to ensure that the content does not contain malware or a virus. vGW AntiVirus On-Access scanning protects the network from malicious attacks at the source, before damage is done by blocking a download of an infected file to a guest VM.

Before you configure On-Access scanning:

To create an On-Access vGW AntiVirus configuration or add a new one:

  1. Select the AntiVirus module. On the main AntiVirus screen, select the Scanner Config tab.
  2. Click Add.
  3. Specify a name for the vGW AntiVirus scanner configuration.
  4. (Optional). Give a brief description of the scanner definition so that it is quickly recognizable.
  5. In the Scope box, identify the VM groups whose VM members are to be scanned. Select the VM groups from the list, and move them to Selected Groups.

    After a scan is defined, it is added to the list of configurations in the Scanner Config table.

    Note: If a VM group is a member of more than one scanner configuration, the topmost scan definition that it belongs to is used to protect it. You can manipulate the order of the scanner configurations in the table.

  6. In the Step 1 Scan Options pane, select the On-Access Scanning check box.

    Note: Step 2 in the scanner configuration screen is required for On-Demand scans only, so it is not included in this procedure.

  7. In the Step 3 Scan Engine Configuration pane under On-Access file types/extensions scanning selection, select the type of scan to perform, either Typical Scan or Custom Scan. For this portion of the example, select the Typical Scan check box.
  8. In the Step 4 Action pane, specify one or more actions to take when the scan detects a virus:
    • Alert when a virus is detected—The Virus Alerts tab displays information on the VMs or files that are infected.
    • Quarantine the VM—You can specify that the infected VM be included in a quarantine policy group.

      You use the Quarantine tab on the Main module to view a list of VMs quarantined as a result of an AntiVirus scan. From this location, you can remove a VM from quarantine by selecting the VM and clicking the Un-Quarantine VM option button.

    • Quarantine infected files—You can specify that the infected files be quarantined.

      Use the Quarantine Files tab on the AntiVirus module to display the list of files that are quarantined. You use the option button to determine how the information is displayed. You can display quarantined files categorized by VMs or as a flat, inclusive file list.

      The Quarantine Files page lets you delete an infected file, remove it from quarantine, or fetch it to remediate it according to your own process.

    • Suspend the VM—You can suspend the VM entirely.

To create a custom scan that allows you to specify the files to be scanned:

  1. In the Step 3 Scan Engine Configuration pane, under the On-Access file types/extensions scanning selection, select the Custom Scan option button.
  2. Select the files to scan.

    Note: The file types and the file locations that you specify in this pane work together to clearly identify the files to scan. For example, if you select Scan All File Types and Scan Only–for example to scan only specific locations such as c:\user\share–then all the files at that location are scanned, but only those files.

    1. Select the Scan Archives check box to scan all files archived in various formats.

      For improved performance, do not scan archive files.

    2. Select the types of files to scan. Select one of the following options:
      • Scan All File Types—Scans all types of files, delimited by the selected file location.
      • Scan Only—Scans only specified file types, delimited by the selected file locations. You can delete file types from the provided list to exclude them from the scan.
      • Ignore only—Scans all types of files except the specified types.
    3. Select the locations where the files to scan reside.
      • Scan All Locations—Scans files in all locations, delimited by the selected types of files to scan.
      • Scan only—Scans files only at the specified location, delimited by the selected types of files to scan.
      • Ignore only—Scans all files except those that reside at the specified locations.

Related Documentation