Announcing ZENworks Endpoint Security Antimalware

ZENworks Endpoint Security Management has long secured Windows devices through capabilities such as data encryption, application and hardware control, VPN enforcement, secure Wi-Fi access, and firewall protection. With the release of ZENworks 2020 Update 2, you can now add malware protection to this list.

Protection for Windows Endpoints

ZENworks Endpoint Security Antimalware provides malware protection for Windows 10 workstations and Windows Server 2012 (and newer) servers. The Antimalware Agent (i.e. scan engine) uses both conventional malware signature files to detect known viruses in infected files and advanced heuristic analysis to identify unknown threats in suspect files.

The Antimalware Agent provides real-time (on-access) protection by scanning files as they are opened, moved, copied, or executed on local and network drives.

The agent also offers multiple on-demand scan types to detect and remove threats that have already made it onto the device. These include:

  • Full and Quick scans of local and removable drives, on-connection scans of external storage devices, and contextual scans of folders and files initiated by users.
  • Custom scans to supplement the Full and Quick scans.
  • Network scans to have a device regularly scan a network drive location.

You can schedule Full, Quick, Custom, and Network scans, and control whether users can run scans or interact with the Antimalware Agent via threat notifications and alerts.

Centralised Management of Scan Policies

The Antimalware Agent behaviour and scan settings are configured via four Antimalware policies in ZENworks Control Center.

Figure 2: Policy page

The only required policy is the Antimalware Enforcement policy. It defines settings for the base scans (On-Access, Full, Quick, External Device, and Contextual). To make policy creation easier, the settings are pre-configured for optimal performance and protection, but you can modify them as needed. This includes defining the locations to scan, the file types to scan (all files, applications only, or defined file extensions), additional scan behaviours such as rootkit and Potentially Unwanted Applications (PUA) scans, and the actions to take on infected and suspect files.

The other three policies let you create Custom and Network scans as well as define global folder and file exclusions for scans.

Centralised Monitoring of Device Malware Status

No one likes to be in the dark regarding threats to their devices. With ZENworks Control Center, you get four Antimalware dashlets that visually inform you of the malware threat status for each of your ZENworks-protected devices.

Figure 3: Dashlet summary page
  1. The Device Malware Status dashlet categorises each device as having No Threats, Resolved Threats, or Unresolved Threats. Resolved threats are files that have been disinfected, quarantined, or deleted. Unresolved threats are files that have been ignored (via policy configuration) or blocked (by the Antimalware Agent). These threats still reside on the device and you should investigate them.
  2. The Top Malware Threats dashlet shows the threats detected in your system and the number of devices impacted by each threat.
  3. The Device Last Malware Scan dashlet helps you identify devices that haven't performed malware scans recently.
  4. The Device Malware Signature Version dashlet helps you identify devices that might not be receiving regular signature updates.

You can expand each dashlet to see more details. For example, the expanded Device Malware Status dashlet lists the threat status and number of threats for each device. It also shows information such as when the last Full and Quick scans occurred.

Figure 4: Device Malware Status dashlet detail

Each dashlet is customisable to allow you to have multiple versions of the same type of dashlet. For example, you could create a Device Malware Status dashlet to track your Windows Servers and another one to track devices belonging to your remote workers.

Drill-downs in the dashlets let you get even more details about the items in the dashlet list. With the Device Malware Status dashlet, when you click the Threat Status for a device, the device's Antimalware page displays (Figure 5). The page not only shows the device's threat status for the last 24 hours, last 7 days, and last 30 days, but also shows the current Antimalware Agent and signature versions, scan schedules, detected threats, and infected/suspect files with their current status (disinfected, quarantined, and so forth).

Figure 5: Device Threat status page

ZENworks Endpoint Security Antimalware is being introduced in the ZENworks 2020 Update 2 release, which is currently in the beta programme.
