You can use all or some of the Antimalware policies, depending on your organization’s needs, but the Antimalware Enforcement Policy must be enforced on managed devices before you can use any of the features of the other three policies.
Policy |
Purpose |
|
---|---|---|
|
Antimalware Enforcement |
Installs the Antimalware Agent and configures the base on-access and on-demand scans that protect managed devices from malware threats. Because it is the base policy and installs the agent, it must be assigned to devices before any optional policies (Custom Scan Policy, Network Scan Policy, and Scan Exclusions Policy) can be assigned and enforced. |
|
Custom Scan |
Defines and schedules scans on local drives, in addition to the Full and Quick scans already defined in the Antimalware Enforcement Policy. Provides the capability to target specific threats that may not be covered in the regularly scheduled scans using the Antimalware Enforcement Policy. |
|
Network Scan |
Defines and schedules scans on files from network drives only. This policy gives you the capability to target a network drive from a specific device. For example, you could use this policy to scan a file storage disk in an array of disks. Network credentials must be configured in the policy to access network files. |
|
Scan Exclusions |
Customizes scan exclusions beyond those already configured in other Antimalware policies. Once this policy is created, you can add the Exclusions Policy option to the Custom Exclusions details of any of the three other Antimalware policies. The policy is then enforced based on having the same device assignment of the Exclusions Policy and the Antimalware policy that this option is configured in. |