
Profile

General

Profile name

This is the name of the profile

Description

This is the description of the profile


TUXGUARD PRO ENDPOINT

Enable TUXGUARD PRO ENDPOINT

This option enables the Anti-Malware functionality

ACTION OD Scan

This option defines the automatic behavior when malware is detected via an On Demand Scan.

Action OA Scan

This option defines the automatic behavior when malware is detected via an On Access Scan (Real Time scan).

Updates

This option defines the update interval.

Telemetry

If turned on, TUXGUARD will receive several pieces of information about the client in order to make the product more stable. Telemetry data will be sent to MixPanel for further analytics.

Data will be sent on specific events:

  • update failed
  • license expired
  • engine crashed
  • engine reload failures
  • engine initialization

Data which will be sent:

  • event
  • windows version
  • product serial
  • product version
  • timestamp
  • timezone
  • randomly generated ID

Loglevel

This option defines which data will be logged. The last two options cause higher CPU usage by the product.

Show notifications

Notifies the user with a slide-up notification about finished updates or scans, changed licenses, etc.

DCM License URL

TUXGUARD PRO ENDPOINT will contact this URL for licensing services. If the URL is missing or incorrect, the DCM cannot register the instance.

Heartbeatstatus URL

TUXGUARD PRO ENDPOINT will contact this URL in order to deliver status information. If the URL is missing or incorrect, no status information will be delivered to the DCM.

Heartbeatcommand URL

TUXGUARD PRO ENDPOINT will contact this URL in order to receive commands. If the URL is incorrect or missing, the client will not be able to execute commands.

Update server URL

URL of the update server for vdf and software updates. TUXGUARD's Download URL:

 https://update1.tuxguard.com

Note

If updates are to be downloaded from the DCM infrastructure, you must use certificates signed by a certificate authority. If you use a self-signed certificate, make sure you have disabled certificate validation.

Note

At the moment it's only possible to use one URL per setting (except the update server URL). If TUXGUARD PRO ENDPOINT instances should be able to reach the server whether they are in the internal network or not, you should create a domain pointing to the public IP. Additionally, you should create an internal DNS entry pointing to the internal DCM IP.

Disable certificate validation

This option disables the certificate validation for update servers. Check this option if you use a self-signed certificate.

Archive Scan OD

This option defines whether archives should be scanned during an OD Scan.

Archive Scan OA

This option defines whether archives should be scanned during an OA Scan.

Maximum directory recursion

Defines the scanning depth of a directory.

Maximum archive size

Defines the maximum allowed size in bytes for any file within an archive, mailbox or mail.


On Access Scan

On Access Scan

Enables the OA Scan functionality. Information regarding the difference between On Access Scanning and On Demand Scanning can be found in the section PROENDPOINT / AV SCANS.

OA Scan of remote files

Enables OA Scanning on files accessed on a network location.

OA Scan Timeout

Sets the maximum number of seconds allowed to scan (OA) a file before aborting.


Scheduled Scan

Scheduled scan interval

Sets the scheduled OD Scan interval.

Scan Type

Sets the scan type of the scheduled scan.

Day

Day of the week when a scheduled scan should be performed.

Time

Time when the scan should be performed.


Proxy Settings

Proxy Server

URL of the proxy.

User

User name of the connection.

Password

Password of the proxy connection.


Scan Settings

Heuristic

Defines the heuristic level of the engine.

  • lazy heuristic: detection is in the lowest possible mode. The detection is not very good, but false positives will be low.
  • normal heuristic: normal heuristic detection.
  • high heuristic: detection is in the highest possible mode, but false positives will be higher.

Scan Mailbox

Activates detection and scanning of mailboxes.

Scan MIME

Activates detection and scanning of mails.

False Positive Control

Enables a new layer of security regarding false positive prevention.

Detect local phishing

Enables detection of local phishing pages.

SPR

Enables the detection of security and privacy risk programs as malware.

PUA

Enables the detection of potentially unwanted applications as malware.

PFS

Enables the detection of possible fraudulent software as malware.


Cloud Scan

Sends suspicious hashes and files to a cloud scanning service. An internet connection is required. Only PE files are uploaded to the service.

Mode

  • off: disables cloud scan functionality.
  • only hash checks: only hashes are submitted to the service.
  • full: hash checks, and sometimes PE files are submitted to the service for further analysis.

Cloud Scan connection timeout

Defines the cloud scan connection timeout in seconds.

Must meet the condition:

apc connection timeout < apc scan time < scan timeout

Cloud Scan timeout

Defines the cloud scan timeout in seconds.

Must meet the condition:

apc connection timeout < apc scan time < scan timeout
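
A profile can be checked against the constraints stated on this page before it is rolled out. The following is an added example, not part of the product or its documentation: all dictionary keys are hypothetical names for the settings above, `scan_timeout` is assumed to be the scan timeout the condition refers to, and the DCM URLs in the sample are constructed.

```python
from urllib.parse import urlparse

# Hypothetical key names; the page documents settings, not an export format.
SINGLE_URL_KEYS = ("dcm_license_url", "heartbeat_status_url", "heartbeat_command_url")

def _is_url(value):
    if not isinstance(value, str) or any(c in value for c in " ,;"):
        return False  # only one URL per setting is possible
    parts = urlparse(value)
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def lint_profile(profile):
    """Return sorted finding codes for one profile dict."""
    findings = []
    # A missing or incorrect URL breaks licensing, status or command delivery.
    for key in SINGLE_URL_KEYS:
        if not _is_url(profile.get(key)):
            findings.append("bad-url:" + key)
    updates = profile.get("update_server_urls") or []
    if not updates or not all(_is_url(u) for u in updates):
        findings.append("bad-url:update_server_urls")
    # With validation off, the update server's certificate is not checked.
    if profile.get("disable_cert_validation"):
        findings.append("update-tls-unverified")
    # apc connection timeout < apc scan time < scan timeout
    # (assumption: only enforced while cloud scan is enabled).
    if profile.get("cloud_scan_mode", "off") != "off":
        t = [profile.get(k) for k in
             ("cloud_conn_timeout", "cloud_scan_timeout", "scan_timeout")]
        if None in t or not t[0] < t[1] < t[2]:
            findings.append("timeout-order")
    return sorted(findings)

# Constructed sample profiles.
GOOD = {
    "dcm_license_url": "https://dcm.example.com/license",
    "heartbeat_status_url": "https://dcm.example.com/status",
    "heartbeat_command_url": "https://dcm.example.com/command",
    "update_server_urls": ["https://update1.tuxguard.com"],
    "disable_cert_validation": False,
    "cloud_scan_mode": "full",
    "cloud_conn_timeout": 5, "cloud_scan_timeout": 20, "scan_timeout": 60,
}
BAD = dict(GOOD, heartbeat_command_url="", disable_cert_validation=True,
           cloud_conn_timeout=30)
```
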

Cloud Scan process in detail

Process:

  1. TUXGUARD PRO ENDPOINT scans a PE file, which is considered clean at the moment but has a high risk level.

  2. The hash of the file is generated and sent to the cloud service.

  3. The hash is compared against known file hashes. There are two possible cases:

       • The hash belongs to a file that has been previously analyzed and was categorized as "clean" or "malicious".
       • The hash is unknown. The file will be uploaded and scanned.

  4. The result will be sent to TUXGUARD PRO ENDPOINT. If it was classified as malware, the threat will be handled.
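
The process above, modeled to show what leaves the endpoint in each Cloud Scan mode. This is an added example, not the product's code: the `FakeCloud` class, the SHA-256 hash and the toy analysis are assumptions, and the sample file is constructed.

```python
import hashlib

class FakeCloud:
    """Constructed stand-in for the cloud service; not the vendor's API."""
    def __init__(self, known):
        self.known = dict(known)  # sha256 hex -> "clean" | "malicious"
        self.uploads = []         # digests of files that left the host
    def lookup(self, digest):
        return self.known.get(digest)
    def analyze(self, digest, data):
        self.uploads.append(digest)
        verdict = "malicious" if b"EVIL" in data else "clean"  # toy analysis
        self.known[digest] = verdict
        return verdict

def is_pe(data):
    """Minimal PE check: 'MZ' header and 'PE\\0\\0' signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[offset:offset + 4] == b"PE\0\0"

def cloud_scan(data, high_risk, mode, cloud):
    """Return (verdict, items_sent) for one file the local scan found clean."""
    if mode == "off" or not high_risk:
        return "local-only", []
    digest = hashlib.sha256(data).hexdigest()  # hash algorithm is an assumption
    verdict = cloud.lookup(digest)             # hash sent and compared
    if verdict is not None:                    # case: previously analyzed
        return verdict, ["hash"]
    if mode != "full" or not is_pe(data):      # only PE files are uploaded
        return "unknown", ["hash"]
    return cloud.analyze(digest, data), ["hash", "file"]  # case: unknown hash

def make_pe(payload):
    """Constructed minimal PE-like sample (headers only, not executable)."""
    return b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + payload
```

In "only hash checks" mode an unknown file stays unclassified by the cloud, while in "full" mode the first lookup of an unknown PE file uploads it and later lookups are answered from the hash alone.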