Configure Anti-Malware
Configure the Anti-Malware module to define its behavior for a policy.
When designing the modules behavior and implementing it using the API, use the same background information and guidance that is provided int he Deep Security Help Center.
Policy objects contain two objects that you use to configure the Anti-Malware module:
AntiMalwarePolicyExtension
: Controls the module state (on or off), identifies the malware scan configurations to use, and the schedule to use for real-time scans.PolicySettings
: Policy settings include many Anti-Malware-related settings that control the behavior of the module, such as the behavior of SmartScan, NSX security tagging, Connected Threat Defense, and scan performance.Configure Anti-Malware-related policy settings as described in Configure policy and default policy settings.
The following JSON represents the data structure of an AntiMalwarePolicyExtension object:
{ "state": "on", "moduleStatus": {...}, "realTimeScanConfigurationID": 1, "realTimeScanScheduleID": 4, "manualScanConfigurationID": 2, "scheduledScanConfigurationID": 3 }
The moduleStatus
property is read-only. It provides the runtime status of the Anti-Malware module. (See Report on Computer Status.)
General steps
Use the following steps to configure the Anti-Malware module:
- Create an
AntiMalwarePolicyExtension
object and configure the properties. - Create a
PolicySettings
object to configure runtime settings of the module. (See Configure policy and default policy settings.) - Create a
Policy
object and add theAntiMalwarePolicyExtension
> andPolicySettings
objects. - Use a
PoliciesApi
object to add or update the policy on Deep Security Manager.
Create an AntiMalwarePolicyExtension
and set property values to configure the state, identify the malware scan configurations to use, and the schedule for real-time scans:
anti_malware_policy_config = api.AntiMalwarePolicyExtension() anti_malware_policy_config.state = "on" anti_malware_policy_config.real_time_scan_configuration_id = real_time_scan_config_id anti_malware_policy_config.real_time_scan_schedule_id = schedule_id
const antiMalwarePolicyExtension = new api.AntiMalwarePolicyExtension(); antiMalwarePolicyExtension.state = api.AntiMalwarePolicyExtension.StateEnum.on; antiMalwarePolicyExtension.realTimeScanConfigurationID = realTimeScanConfigID; antiMalwarePolicyExtension.realTimeScanScheduleID = scheduleID;
AntiMalwarePolicyExtension antiMalwarePolicyExtension = new AntiMalwarePolicyExtension(); antiMalwarePolicyExtension.setState(AntiMalwarePolicyExtension.StateEnum.ON); antiMalwarePolicyExtension.setRealTimeScanConfigurationID(realTimeScanConfigID); antiMalwarePolicyExtension.setRealTimeScanScheduleID(scheduleID);
Add the AntiMalwarePolicyExtension
object to a Policy
object, and then useaPoliciesApi
object to modify a policy on Deep Security Manager.
policy = api.Policy() policy.anti_malware = anti_malware_policy_config policies_api = api.PoliciesApi(api.ApiClient(configuration)) return policies_api.modify_policy(policy_id, policy, api_version)
const policy = new api.Policy(); policy.antiMalware = antiMalwarePolicyExtension; const policiesApi = new api.PoliciesApi(); return policiesApi.modifyPolicy(policyID, policy, apiVersion, { overrides: false });
Policy policy = new Policy(); policy.setAntiMalware(antiMalwarePolicyExtension); // Modify the policy on Deep Security Manager PoliciesApi policiesApi = new PoliciesApi(); return policiesApi.modifyPolicy(policyID, policy, Boolean.FALSE, apiVersion);
The policy_id
(or policyID
) parameter of modifyPolicy
identifies the actual policy on Deep Security Manager that is to be modified. This policy is modified according to the policy object that is used as the policy
arameter. Any properties of the policy
parameter that are not set remain unchanged on the actual policy.
Example
The following example creates an AntiMalwarePolicyExtension
object and uses it to turn on the Anti-Malware module, set the real-time scan configuration to use, and specify the scan schedule for real-time scans.
# Create and configure the Anti-maware policy anti_malware_policy_config = api.AntiMalwarePolicyExtension() anti_malware_policy_config.state = "on" anti_malware_policy_config.real_time_scan_configuration_id = real_time_scan_config_id anti_malware_policy_config.real_time_scan_schedule_id = schedule_id # Add the configuration to the policy policy = api.Policy() policy.anti_malware = anti_malware_policy_config # Modify the policy on Deep Security Manager policies_api = api.PoliciesApi(api.ApiClient(configuration)) return policies_api.modify_policy(policy_id, policy, api_version)
const policy = new api.Policy(); const policiesApi = new api.PoliciesApi(); // Create and configure the AntiMalwarePolicyExtension object const antiMalwarePolicyExtension = new api.AntiMalwarePolicyExtension(); antiMalwarePolicyExtension.state = api.AntiMalwarePolicyExtension.StateEnum.on; antiMalwarePolicyExtension.realTimeScanConfigurationID = realTimeScanConfigID; antiMalwarePolicyExtension.realTimeScanScheduleID = scheduleID; // Add to the policy policy.antiMalware = antiMalwarePolicyExtension; // Send the change to Deep Security Manager policiesApi .modifyPolicy(policyID, policy, apiVersion, { overrides: false }) .then(data => { resolve(data); }) .catch(error => { reject(error); });
// Create a PolicyLevelConfigurationForTheAntiMalwareModule object and configure AntiMalwarePolicyExtension antiMalwarePolicyExtension = new AntiMalwarePolicyExtension(); antiMalwarePolicyExtension.setState(AntiMalwarePolicyExtension.StateEnum.ON); antiMalwarePolicyExtension.setRealTimeScanConfigurationID(realTimeScanConfigID); antiMalwarePolicyExtension.setRealTimeScanScheduleID(scheduleID); Policy policy = new Policy(); policy.setAntiMalware(antiMalwarePolicyExtension); // Modify the policy on Deep Security Manager PoliciesApi policiesApi = new PoliciesApi(); policy = policiesApi.modifyPolicy(policyID, policy, Boolean.FALSE, apiVersion);
Also see the Modify a Policy operation in the API Reference. For information about authenticating API calls, see Authenticate with Deep Security Manager.
Create and modify malware scan configurations
Malware scan configurations determine how the Anti-Malware module performs scans to detect malware. A malware scan configuration can be used with multiple policies.
When designing malware scan behavior and implementing it using the API, use the same background information and guidance that is provided in the Deep Security Help Center.
Use an AntiMalwareConfiguration
object to configure a malware scan configuration. Set the property values according to the scan behavior that you require, such as the scan type, the files and directories to scan, and the actions to take when malware is detected.
To see all of the available properties of AntiMalwareConfiguration
, expand the 200 response for the Describe an Anti-Malware Configuration operation in the API Reference.
General steps for creating malware scan configurations
To create a malware scan configuration, perform the following general steps:
- Create an
AntiMalwareConfiguration
object. - Set the property values of the object. (See also Create and Modify Lists and Create and Configure Schedules.)
- Use an
AntiMalwareConfigurationsApi
object to update Deep Security Manager.
For example, set the directories to exclude from the malware scan:
real_time_config = api.AntiMalwareConfiguration() real_time_config.excluded_directory_list_id = dir_list_id
const realtimeConfig = new api.AntiMalwareConfiguration(); realtimeConfig.excludedDirectoryListID = dirListID;
AntiMalwareConfiguration realtimeConfig = new AntiMalwareConfiguration(); realtimeConfig.setExcludedDirectoryListID(dirListId);
For information about creating a directory exclusion list, see Create and Modify Lists.
Use an AntiMalwareConfiugrationsApi
object to modify or create a scan configuration on Deep Security Manager:
am_configurations_api = api.AntiMalwareConfigurationsApi(api.ApiClient(configuration)) modified_am_config = am_configurations_api.modify_anti_malware(scan_config_id, real_time_config, api_version)
const amConfigurationsApi = new api.AntiMalwareConfigurationsApi(); return amConfigurationsApi.modifyAntiMalware(scanConfigID, realtimeConfig, apiVersion);
AntiMalwareConfigurationsApi amConfigsApi = new AntiMalwareConfigurationsApi(); AntiMalwareConfiguration modifiedRealtimeConfig = amConfigsApi.modifyAntiMalware(scanConfigID, realtimeConfig, apiVersion);
The scan_config_id
(or scanConfigID
) parameter of modifyAntiMalware
identifies the actual malware scan configuration on Deep Security Manager that is to be modified. This scan configuration is modified according to the AntiMalwareScanConfiguration
object that is used as the real_time_config
(or realtimeConfig
) parameter. Any properties of the object that are not set remain unchanged on the actual malware scan configuration.
To create a malware scan configuration, use the createAntiMalware
function or method of AntiMalwareConfugrationsApi
.
Example malware scan configuration
The following example sets the directory exclusions for a malware scan configuration and modifies the scan configuration on Deep Security Manager.
# Create an anti-malware scan configuration real_time_config = api.AntiMalwareConfiguration() # Set the exclusion real_time_config.excluded_directory_list_id = dir_list_id # Modify the anti-malware scan configuration on Deep Security Manager am_configurations_api = api.AntiMalwareConfigurationsApi(api.ApiClient(configuration)) return am_configurations_api.modify_anti_malware(scan_config_id, real_time_config, api_version)
// Create a malware scan configuration const realtimeConfig = new api.AntiMalwareConfiguration(); // Set the exclusion realtimeConfig.excludedDirectoryListID = dirListID; // Modify the scan configuration on Deep Security Manager const amConfigurationsApi = new api.AntiMalwareConfigurationsApi(); amConfigurationsApi .modifyAntiMalware(scanConfigID, realtimeConfig, apiVersion) .then(scanConfig => { resolve(scanConfig.ID); }) .catch(error => { reject(error); });
// create a real time scan configuration object AntiMalwareConfiguration realtimeConfig = new AntiMalwareConfiguration(); // Set the ID of the directory exclusion list realtimeConfig.setExcludedDirectoryListID(dirListId); // Update Deep Security Manager AntiMalwareConfigurationsApi amConfigsApi = new AntiMalwareConfigurationsApi(); realtimeConfig = amConfigsApi.modifyAntiMalware(scanConfigID, realtimeConfig, apiVersion);
To use an HTTP client to interact with a malware scan configuration, use the /api/antimalwareconfigurations endpoint. (See the Anti Malware Configurations operations in the API Reference.)