Configure Anti-Malware
Configure the Anti-Malware module to define its behavior for a policy.
When designing the modules behavior and implementing it using the API, use the same background information and guidance that is provided inthe Deep Security Help Center.
Policy objects contain two objects that you use to configure the Anti-Malware module:
AntiMalwarePolicyExtension
:Controls the module state (on or off), identifies the malware scan configurations to use, and the schedule to use for real-time scans.PolicySettings
: Policy settings include many Anti-Malware-related settings that control the behavior of the module, such as the behavior of SmartScan, NSX security tagging, Connected Threat Defence, and scan performance.Configure Anti-Malware-related policy settings as described in[Configure policy and default policy settings](../create-and-configure-policies/#settings).
The following JSON represents the data structure of an AntiMalwarePolicyExtension object:
{
"state": "on",
"moduleStatus": {...},
"realTimeScanConfigurationID": 1,
"realTimeScanScheduleID": 4,
"manualScanConfigurationID": 2,
"scheduledScanConfigurationID": 3
}
ThemoduleStatus
property is read-only. It provides the runtime status of the Anti-Malware module. (SeeReport on Computer Status.)
General steps
Use the following steps to configure the Anti-Malware module:
- Create an
AntiMalwarePolicyExtension
object and configure the properties. - Create a
PolicySettings
object to configure runtime settings of the module. (See Configure policy and default policy settings.) - Create a
Policy
object and add theAntiMalwarePolicyExtension
andPolicySettings
objects. - Use a
PoliciesApi
object to add or update the policy on Deep Security Manager.
Create an AntiMalwarePolicyExtension
and set property values to configure the state, identify the malware scan configurations to use, and the schedule for real-time scans:
anti_malware_policy_config = api.AntiMalwarePolicyExtension()
anti_malware_policy_config.state = "on"
anti_malware_policy_config.real_time_scan_configuration_id = real_time_scan_config_id
anti_malware_policy_config.real_time_scan_schedule_id = schedule_id
Add the AntiMalwarePolicyExtension
object to a Policy
object, and then use a PoliciesApi
object to modify a policy on Deep Security Manager.
policy = api.Policy()
policy.anti_malware = anti_malware_policy_config
policies_api = api.PoliciesApi(api.ApiClient(configuration))
return policies_api.modify_policy(policy_id, policy, api_version)
The policy_id
(or policyID
) parameter of modifyPolicy
identifies the actual policy on Deep Security Manager that is to be modified. This policy is modified according to the policy object that is used as the policy
parameter. Any properties of the policy
parameter that are not set remain unchanged on the actual policy.
Example
The following example creates an AntiMalwarePolicyExtension
object and uses it to turn on the Anti-Malware module, set the real-time scan configuration to use, and specify the scan schedule for real-time scans.
# Create and configure the Anti-maware policy
anti_malware_policy_config = api.AntiMalwarePolicyExtension()
anti_malware_policy_config.state = "on"
anti_malware_policy_config.real_time_scan_configuration_id = real_time_scan_config_id
anti_malware_policy_config.real_time_scan_schedule_id = schedule_id
# Add the configuration to the policy
policy = api.Policy()
policy.anti_malware = anti_malware_policy_config
# Modify the policy on Deep Security Manager
policies_api = api.PoliciesApi(api.ApiClient(configuration))
return policies_api.modify_policy(policy_id, policy, api_version)
Also see the Modify a Policy operation in the API Reference. For information about authenticating API calls, see Authenticate with Deep Security Manager.
Create and modify malware scan configurations
Malware scan configurations determine how the Anti-Malware module performs scans to detect malware. A malware scan configuration can be used with multiple policies.
When designing malware scan behavior and implementing it using the API, use the same background information and guidance that is provided in the Deep Security Help Center.
Use an AntiMalwareConfiguration
object to configure a malware scan configuration. Set the property values according to the scan behavior that you require, such as the scan type, the files and directories to scan, and the actions to take when malware is detected.
AntiMalwareConfiguration
, expand the 200 response for the [Describe an Anti-Malware Configuration](../api-reference/#operation/describeAntiMalware) operation in the API Reference.General steps for creating malware scan configurations
To create a malware scan configuration, perform the following general steps:
- Create an
AntiMalwareConfiguration
object. - Set the property values of the object. (See also[Create and Modify Lists](../lists) and [Create and Configure Schedules](../schedules).)
- Use an
AntiMalwareConfigurationsApi
object to update Deep Security Manager.
For example, set the directories to exclude from the malware scan:
real_time_config = api.AntiMalwareConfiguration() real_time_config.excluded_directory_list_id = dir_list_id
For information about creating a directory exclusion list,seeCreate and Modify Lists.
Use an AntiMalwareConfiugrationsApi
object to modify or create a scan configuration on Deep Security Manager:
am_configurations_api = api.AntiMalwareConfigurationsApi(api.ApiClient(configuration)) modified_am_config = am_configurations_api.modify_anti_malware(scan_config_id, real_time_config, api_version)
Thescan_config_id
(orscanConfigID
) parameter ofmodifyAntiMalware
identifies the actual malware scan configuration on Deep Security Manager that is to be modified. This scan configuration is modified according to the AntiMalwareScanConfiguration
object that is used as the real_time_config
(or realtimeConfig
) parameter. Any properties of the objectthat are not set remain unchanged on the actual malware scan configuration.
To create a malware scan configuration,use the createAntiMalware
function or method of AntiMalwareConfugrationsApi
.
Example malware scan configuration
The following example sets the directory exclusions for a malware scan configuration and modifies the scan configuration on Deep Security Manager.
# Create an anti-malware scan configuration
real_time_config = api.AntiMalwareConfiguration()
# Set the exclusion
real_time_config.excluded_directory_list_id = dir_list_id
# Modify the anti-malware scan configuration on Deep Security Manager
am_configurations_api = api.AntiMalwareConfigurationsApi(api.ApiClient(configuration))
return am_configurations_api.modify_anti_malware(scan_config_id, real_time_config, api_version)
To use an HTTP client to interact with a malware scan configuration, use the /api/antimalwareconfigurations endpoint. (See the Anti Malware Configurations operations in the API Reference.)