The Anti-Malware module is an on-demand module that you install on the Windows 64-bit endpoints that already have the QRadar® EDR Agent. When you enable the Anti-Malware module, the QRadar EDR Agent automatically downloads and installs the module.
About this task
Windows-only
For more information about enabling the Anti-Malware module in an MSSP environment, see Managing MSSP clients.
Procedure
- Click .
- Set the Enable the Anti-Malware module toggle to the on position.
  The Anti-Malware module is automatically downloaded and installed by the QRadar EDR Agent.
- Select the protection level for endpoints with the Anti-Malware module.

  | Protection level | Description |
  | --- | --- |
  | Detection | Identify threats in new files and all installed applications, and create alerts without removing artifacts from the disk. |
  | Standard Protection | Identify and remove threats in a user's Documents and Downloads folders, and in running applications. |
  | Advanced Protection | Extend protection and scanning to all installed software applications. |
  | Aggressive Protection | Run in-depth scans of every application and file, including system folders. |

- If you need to exclude any paths from Anti-Malware module protection, click Create antimalware exceptions.
  - Provide an exception policy name and description.
  - Provide the path to be excluded.
    The following paths are examples of paths that might be excluded.
    - *
    - %SystemDrive%
    - %SystemRoot%
    - %PROGRAMDATA%
    - %PROGRAMFILES%
    - %PROGRAMFILES(X86)%
    You can also exclude specific executable files by using the following notation.
    <process>C:\<path_to>\<file_name>.exe
- Click , and enable the Anti-Malware distribution.
- Edit the Targets field.
  - To deliver the updated package to specific endpoints, add a list of clients or groups.
  - To deliver the updated package to all eligible endpoints, set the field to Global.
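
The exception entries from the exclusion step above can be reviewed before a policy is saved. The following Python sketch is an added example, not IBM's code: it resolves each entry and labels how much of the disk the entry would take out of Anti-Malware protection. It assumes that `<process>` is a literal prefix, that an excluded folder also covers what is beneath it, and that the environment values shown are typical defaults; the function names and sample entries are hypothetical.

```python
import ntpath
import re

# Constructed defaults for a 64-bit Windows endpoint (assumption; real hosts may differ).
DEFAULT_ENV = {
    "SYSTEMDRIVE": "C:",
    "SYSTEMROOT": r"C:\Windows",
    "PROGRAMDATA": r"C:\ProgramData",
    "PROGRAMFILES": r"C:\Program Files",
    "PROGRAMFILES(X86)": r"C:\Program Files (x86)",
}
PROCESS_PREFIX = "<process>"  # assumed to be a literal prefix, as the notation reads
_VAR = re.compile(r"%([^%]+)%")


def expand(path, env=DEFAULT_ENV):
    """Expand %VAR% references case-insensitively; unknown variables stay as written."""
    return _VAR.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def classify(entry, env=DEFAULT_ENV):
    """Return (kind, resolved_path, scope) for one exception entry."""
    entry = entry.strip()
    if entry.lower().startswith(PROCESS_PREFIX):
        return ("process", expand(entry[len(PROCESS_PREFIX):], env), "single executable")
    resolved = expand(entry, env)
    if resolved == "*":
        return ("path", resolved, "everything")
    if _VAR.search(resolved):
        return ("path", resolved, "unresolved variable")
    # Scope is judged by depth below the drive root (assumes folder exclusions are recursive).
    _, rest = ntpath.splitdrive(resolved)
    depth = len([part for part in rest.split("\\") if part])
    scope = ("whole drive", "top-level folder")[depth] if depth < 2 else "subfolder"
    return ("path", resolved, scope)


def review(entries, env=DEFAULT_ENV):
    """Return the entries a reviewer should justify before the policy is saved."""
    broad = {"everything", "whole drive", "top-level folder", "unresolved variable"}
    return [e for e in entries if classify(e, env)[2] in broad]


if __name__ == "__main__":
    # Constructed sample policy: example paths from the page plus two hypothetical entries.
    sample = ["*", "%SystemDrive%", "%PROGRAMFILES(X86)%",
              r"%PROGRAMDATA%\ExampleVendor\cache",
              r"<process>C:\Tools\example_backup.exe"]
    for item in sample:
        print(item, "->", classify(item))
```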