antiMalware Object

The antiMalware object contains the basic details on the Anti-Malware settings in a sensor policy, including:

| Field | Type | Description |
|---|---|---|
| enabled | Boolean | Indicates whether Anti-Malware protection is enabled in this sensor policy. |
| signatureMode | Enum | The mode to use for the Anti-Malware > Signatures mode. Possible values include: DISABLED (Disabled), DETECT (Detect), BLOCK (Prevent), QUARANTINE (Quarantine), DISINFECT (Disinfect). |
| documentProtectionMode | Enum | The mode to use for the Anti-Malware > Behavioral Document Protection mode. Possible values include: DISABLED, DETECT, PREVENT, QUARANTINE (versions 20.1.222 and later). This field is available from versions 20.1.241 and later. |
| documentProtectionSensitivityLevel | Enum | The sensitivity level to use for the Anti-Malware > Behavioral Document Protection mode. Possible values include: CAUTIOUS, MODERATE, AGGRESSIVE. This field is available from versions 20.1.241 and later. |
| documentProtectionExclusions | Array | An object containing a list of exclusions from the Behavioral Document Protection. If you do not want to add any exclusions, leave this array empty. This field is available from versions 20.1.241 and later. |
| file | String | The rule ID string to exclude from Behavioral Document Protection. This field is available from versions 20.1.241 and later. |
| modifiedBy | String | The Cybereason user name for the user updating this policy. This field is available from versions 20.1.241 and later. |
| lastModified | Long | The time (in milliseconds) when you create this policy. This field is available from versions 20.1.241 and later. |
| detectMode | Enum | The mode to use for the Anti-Malware > Artificial Intelligence Detection mode. Possible values include: 1: Disabled, 2: Cautious, 3: Moderate, 4: Aggressive. |
| preventMode | Integer | The mode to use for the Anti-Malware > Artificial Intelligence Prevent mode. Possible values include: 1: Disabled, 2: Cautious, 3: Moderate, 4: Aggressive. |
| quarantineMaliciousFiles | Boolean | Instructs the Cybereason platform to quarantine files marked as malicious by the Anti-Malware > Artificial Intelligence mode. |
| exclusions | Array | An object containing a list of files or folders to exclude from Anti-Malware protection. If you do not want to add any exclusions, leave this array empty. |
| file | String | The file or folder string to exclude from Anti-Malware scan. For details on supported exclusion formats, see Add Exclusions. |
| modifiedBy | String | The Cybereason user name for the user updating this policy. |
| lastModified | Long | The time (in milliseconds) when you create this policy. |
| quickScanEnabled | Boolean | Indicates whether the quick scan option for scheduled scans is enabled. |
| quickScan | JSON object | An object containing details on the options for scheduled quick scans. |
| quickScanMode | Enum | The action to take on a quick scan if a sensor is not available when the scheduled scan time arrives. Possible values include: SCAN (perform the scan when the machine is next connected to the Cybereason platform); SKIP (skip this particular scheduled scan time). |
| fullScanEnabled | Boolean | Indicates whether the full scan option for scheduled scans is enabled. |
| fullScan | JSON object | An object containing details on the options for scheduled full scans. |
| fullScanMode | Enum | The action to take on a full scan if a sensor is not available when the scheduled scan time arrives. Possible values include: SCAN (perform the scan when the machine is next connected to the Cybereason platform); SKIP (skip this particular scheduled scan time). |
| period | Enum | The frequency to perform a scan. Possible values include: DAILY, WEEKLY, MONTHLY. |
| periodicHour | Integer | The hour (on a 24-hour clock) in which to start the scheduled scan. |
| periodicDay | Integer | If you select WEEKLY or MONTHLY for the period key, the day on which to perform a scheduled scan. Enter 0 for Monday, 2 for Tuesday, and so forth. |
| periodicOccurrence | Integer | If you select MONTHLY for the period key, the week on which to repeat the scan. Enter the number for the week in the month. |
| localUpdateServerUrl | Integer | The URL to your Local Update Server. If you do not have a Local Update server, leave this key value empty. |
| updateFrequencyIntervalMin | Integer | The frequency (in minutes) for how often a sensor should check for signature database updates. This field is not available by default. Open a Technical Support case to display the Advanced configuration options, including this option. |
| limitFileExtensions | Boolean | Instructs the Cybereason platform to only scan certain types of file extensions during a scan. This field is not available by default. Open a Technical Support case to display the Advanced configuration options, including this option. |
| ignoreNetworkPaths | Boolean | Instructs the Cybereason platform to not scan network paths as part of a scan. |
| scanArchives | Boolean | Instructs the Cybereason platform to scan zip files. If you want to use this option, you must enter false for the limitFileExtensions key. This field is not available by default. Open a Technical Support case to display the Advanced configuration options, including this option. |
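
The following is an added example, not Cybereason code: a Python check that validates an antiMalware object against the enum values listed above and flags settings that leave a protection layer disabled or detect-only. The sample object, the shape of the exclusion entries, and the choice of which values count as weak are assumptions made for illustration.

```python
# Documented values for each mode field, as listed in the field table above.
ENUMS = {
    "signatureMode": ("DISABLED", "DETECT", "BLOCK", "QUARANTINE", "DISINFECT"),
    "documentProtectionMode": ("DISABLED", "DETECT", "PREVENT", "QUARANTINE"),
    "documentProtectionSensitivityLevel": ("CAUTIOUS", "MODERATE", "AGGRESSIVE"),
    "detectMode": (1, 2, 3, 4),
    "preventMode": (1, 2, 3, 4),
}
# Assumption: the auditor treats disabled and detect-only values as weak.
WEAK = {
    "signatureMode": ("DISABLED", "DETECT"),
    "documentProtectionMode": ("DISABLED", "DETECT"),
    "detectMode": (1,),
    "preventMode": (1,),
}

def audit_anti_malware(am):
    """Return (severity, field, message) findings for one antiMalware object."""
    findings = []
    if am.get("enabled") is not True:
        findings.append(("weak", "enabled", "Anti-Malware protection is not enabled"))
    for field, allowed in ENUMS.items():
        if field not in am:
            continue  # version-dependent fields may be absent
        value = am[field]
        # bool is rejected explicitly because True == 1 in Python
        if isinstance(value, bool) or value not in allowed:
            findings.append(("invalid", field, f"{value!r} is not a documented value"))
        elif value in WEAK.get(field, ()):
            findings.append(("weak", field, f"{value!r} is disabled or detect-only"))
    # scanArchives requires limitFileExtensions to be false.
    if am.get("scanArchives") and am.get("limitFileExtensions"):
        findings.append(("invalid", "scanArchives", "requires limitFileExtensions = false"))
    # Every exclusion is a blind spot and should be reviewed.
    for field in ("exclusions", "documentProtectionExclusions"):
        if am.get(field):
            findings.append(("review", field, f"{len(am[field])} exclusion(s) to justify"))
    return findings

# Constructed sample object; the exclusion entry shape is assumed.
SAMPLE = {
    "enabled": True, "signatureMode": "DETECT", "documentProtectionMode": "PREVENT",
    "detectMode": 3, "preventMode": 1, "limitFileExtensions": True,
    "scanArchives": True, "exclusions": [{"file": "C:\\Temp"}],
}

if __name__ == "__main__":
    for finding in audit_anti_malware(SAMPLE):
        print(finding)
```

Note that the check rejects `PREVENT` for signatureMode, because the table lists `BLOCK` as that field's prevent value while documentProtectionMode uses `PREVENT`.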