Active Defense Settings

Active Defense allows visually displaying threats and providing assessment evidences to proactively responding to unknown threats. If Active Defense is enabled, the programs running in a PC will be scanned for malicious activities.

Configure the active defense settings in the following way.

1. Click Policy.
2. Click Security Program Policy.
3. Click Add to move to Anti-Malware Policy > V3 Net.
4. Click Active Defense > Active Defense Settings.

• Participate in ASD network: You can configure the ASD network settings to scan files for malicious codes using the database in the ASD server. If new files, which are not reported to the cloud server yet, are detected, the files will be sent to the server for analysis and the analysis results will be reported to users in real-time.

Note

The more users participate in the ASD networking, the more database for malicious codes will be gathered to minimize the probability of infection by malicious codes.

• Enable Active Defense: Enables or disables Active Defense.
• File/Folder Filtering: Adds the trusted files or folders to the trusted items list while adding the unwanted or malicious files to the blocked items list to block file execution.

• Enable cloud-based analysis: If threats, unknown even in the cloud analysis, are detected, the detected files will be sent to the automatic cloud server to analyze them and report the analysis results to users in real-time. If the automatic cloud analysis is used and threats unknown even in the intense scan or PC real-time scan, are detected, the detected files will be sent to the server to analyze them. The analysis results will be reported to users when the scan ends.

5. Click Save.

Note

Active Defense can be enabled only when the PC real-time scan is enabled. If the PC real-time scan is not enabled, Active Defense may not work properly.

File/Folder Filtering

Adds the trusted files or folders to the trusted items list while adding the unwanted or malicious files to the blocked items list to block file execution. You can add the file extensions such as exe/dll for the user-defined list.

Note

Folders for the user-defined list can be added only in Allow a Trusted Item.

• Add a Trusted Item: Click Add and then <Open> appears. Select a file to add to the list and then click Open. The registered file is displayed as trusted in the user-defined list.

• Path: Specifies a path for the selected file. You can select the absolute path, Windows Program Files folders and Windows folders for the path.
• File Name: Enter a file name. The file name must be in a format of 'Drive Name:\Folder Name’ or ‘Environment Variables\\Folder Name\File name’. (ex: C:\Temp\FolderName\FileName, %TEMP%\FolderName\FileName)

• Add an Untursted Item: Specify file or folders to block. Click Add to display <Open>. Select a file to add to the list and then click Open. The registered file is displayed as blocked in the user-defined list.

Note

You can only add a file for the blocked item.

• Path: Specifies a path for the selected file. You can select the absolute path, Windows Program Files folders and Windows folders for the path.
• File Name: Enter a file name. The file name must be in a format of 'Drive Name:\Folder Name’ or ‘Environment Variables\\Folder Name\File name’. (ex: C:\Temp\FolderName\FileName, %TEMP%\FolderName\FileName)
• Delete: Select a trusted/blocked file or folder in the user-defined list and then click Delete. Then a message, Do you want to delete the selected item? will appear. Click Yes to delete the selected item from the list.

Note

You can add up to 300 trusted or blocked files to the user-defined list.

Note

If the blocked file is detected by intense scan or PC real-time scan, the file will be deleted immediately.