| Parameter | Choices/Defaults | Comments |
|---|---|---|
| alert_enabled (boolean) | | Controls whether to create an alert when the Malware Scan Configuration logs an event. Set to true to enable the alert. |
| behavior_monitoring_enabled (boolean) | | Controls whether to detect suspicious activity and unauthorized changes (including ransomware). Set to true to detect. |
| cpu_usage (string) | | CPU usage. |
| custom_remediation_actions_enabled (boolean) | | Controls whether to use the action ActiveAction recommends when malware is detected. Set to true to use the action ActiveAction recommends. |
| custom_scan_actions_enabled (boolean) | | Controls whether to use custom actions. Use true to enable custom actions. |
| description (string) | | Description of the anti-malware configuration. |
| directories_to_scan (string) | Choices: all-directories, directory-list | Specify whether the scan will be performed on all directories or on a subset. |
| directory_list_id (integer) | | ID of the directory list to scan. |
| document_exploit_heuristic_level (string) | Choices: default, default-and-agressive | Controls whether to scan for exploits of known critical vulnerabilities as well as aggressively detect suspicious behaviour that could be an unknown exploit. |
| document_exploit_protection (string) | Choices: critical-only, critical-and-heuristic | Scan for exploits against known critical vulnerabilities only. |
| document_exploit_protection_enabled (boolean) | | Controls whether to scan for known critical vulnerabilities. Use true to enable scan. |
| document_recovery_enabled (boolean) | | Controls whether to back up ransomware-encrypted files. Set to true to back up. |
| excluded_directory_list_id (integer) | | ID of the directory list to exclude from the scan. |
| excluded_file_extension_list_id (integer) | | ID of the file extension list to exclude from the scan. |
| excluded_file_list_id (integer) | | ID of the file list to exclude from the scan. |
| excluded_process_image_file_list_id (integer) | | ID of the process image file list to exclude from the scan. |
| file_extension_list_id (integer) | | ID of the file extension list to scan. |
| files_to_scan (string) | Choices: all-files, intelliscan-file-types, file-extension-list | Specify whether the scan will be performed on all files, on a subset, or by using IntelliScan. |
| intelli_trap_enabled (boolean) | | Controls whether IntelliTrap is enabled. Set to true to enable. |
| machine_learning_enabled (boolean) | | Controls whether predictive machine learning is enabled. Set to true to enable. |
| memory_scan_enabled (boolean) | | Controls whether to scan process memory for malware. Use true to enable scan. |
| microsoft_office_enabled (boolean) | | Controls whether to scan Embedded Microsoft Office Objects. Use true to enable scan. |
| microsoft_office_layers (integer) | | Number of Microsoft Object Linking and Embedding (OLE) Layers to scan. |
| name (string / required) | | Name of the anti-malware configuration. |
| network_directories_enabled (boolean) | | Controls whether to scan network directories. Set to true to enable. |
| real_time_scan (string) | Choices: read-only, write-only, read-write | Specify when to perform the real-time scan. |
| scan_action_for_cookies (string) | | The action to take when cookies are detected. |
| scan_action_for_cve (string) | Choices: pass, delete, quarantine, deny-access | The action to take when a CVE exploit is detected. |
| scan_action_for_heuristics (string) | Choices: pass, delete, quarantine, deny-access | The action to take when malware identified with heuristics is detected. |
| scan_action_for_other_threats (string) | Choices: pass, delete, quarantine, clean, deny-access | The action to take when other threats are detected. |
| scan_action_for_packer (string) | Choices: pass, delete, quarantine, deny-access | The action to perform when a packer is detected. |
| scan_action_for_possible_malware (string) | Choices: active-action, pass, delete, quarantine, deny-access | The action to take when possible malware is detected. |
| scan_action_for_spyware (string) | Choices: pass, delete, quarantine, deny-access | The action to perform when spyware is detected. |
| scan_action_for_trojans (string) | Choices: pass, delete, quarantine, deny-access | The action to perform when a trojan is detected. |
| scan_action_for_virus (string) | Choices: pass, delete, quarantine, clean, deny-access | The action to perform when a virus is detected. |
| scan_compressed_enabled (boolean) | | Controls whether to scan compressed files. Use true to enable scan. |
| scan_compressed_maximum_files (integer) | | Maximum number of files to extract. |
| scan_compressed_maximum_levels (integer) | | The maximum number of levels of compression to scan. |
| scan_compressed_maximum_size (integer) | | Maximum size of compressed files to scan, in MB. |
| scan_type (string) | Choices: real-time, on-demand | The type of malware scan configuration. |
| spyware_enabled (boolean) | | Controls whether to enable spyware/grayware protection. Set to true to enable. |
| state (string) | Choices: present ← (default), absent | The state the configuration should be left in. |
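
The table lists per-threat action choices and list-ID parameters that pair with the `directories_to_scan` and `files_to_scan` selectors. The following added example (not part of the module or its documentation) audits a dict of task arguments against those choices before a playbook run. It assumes a list-based selector needs its list ID and that `pass` leaves a detection unblocked; `audit` and `SAMPLE` are hypothetical names.

```python
# Added example: pre-flight audit of anti-malware configuration task arguments.
BASE = {"pass", "delete", "quarantine", "deny-access"}
CHOICES = {  # values copied from the Choices/Defaults column above
    "directories_to_scan": {"all-directories", "directory-list"},
    "files_to_scan": {"all-files", "intelliscan-file-types", "file-extension-list"},
    "real_time_scan": {"read-only", "write-only", "read-write"},
    "scan_type": {"real-time", "on-demand"},
    "state": {"present", "absent"},
    "scan_action_for_possible_malware": BASE | {"active-action"},
}
for threat in ("cve", "heuristics", "packer", "spyware", "trojans"):
    CHOICES[f"scan_action_for_{threat}"] = BASE
for threat in ("other_threats", "virus"):
    CHOICES[f"scan_action_for_{threat}"] = BASE | {"clean"}

# Assumption: choosing a list-based selector requires the matching list ID.
REQUIRES = {
    ("directories_to_scan", "directory-list"): "directory_list_id",
    ("files_to_scan", "file-extension-list"): "file_extension_list_id",
}
EXCLUSIONS = ("excluded_directory_list_id", "excluded_file_extension_list_id",
              "excluded_file_list_id", "excluded_process_image_file_list_id")

def audit(args):
    """Return (severity, message) findings for a dict of task arguments."""
    findings = []
    if not args.get("name"):
        findings.append(("error", "name is required"))
    for key, value in args.items():
        if key in CHOICES and value not in CHOICES[key]:
            findings.append(("error", f"{key}: {value!r} is not a listed choice"))
        elif key.startswith("scan_action_for_") and value == "pass":
            # Assumption: "pass" leaves the detected item in place.
            findings.append(("review", f"{key}: pass does not block the detection"))
    for (key, value), needed in REQUIRES.items():
        if args.get(key) == value and args.get(needed) is None:
            findings.append(("error", f"{key}={value} needs {needed}"))
    for key in EXCLUSIONS:
        if args.get(key) is not None:
            findings.append(("review", f"{key}={args[key]} narrows scan coverage"))
    return findings

SAMPLE = {  # constructed task arguments, not taken from the page
    "name": "linux-realtime", "scan_type": "real-time", "real_time_scan": "read-write",
    "directories_to_scan": "directory-list",   # directory_list_id is missing
    "files_to_scan": "all-files",
    "scan_action_for_virus": "clean",
    "scan_action_for_spyware": "clean",        # clean is not listed for spyware
    "scan_action_for_trojans": "pass",
    "excluded_directory_list_id": 12, "state": "present",
}
```

Running `audit(SAMPLE)` returns two errors (the unlisted spyware action and the missing `directory_list_id`) and two review items (the `pass` action and the directory exclusion).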