Maximum disk space used to store quarantined files: This setting determines how much disk space can be used to store quarantined files. It applies globally to all computers: physical machines, virtual machines, and Virtual Appliances. The setting can be overridden at the Policy level and at the Computer level. If you are using a Virtual Appliance to provide protection to virtual machines, all quarantined files from the Agentless VMs will be stored on the Virtual Appliance. As a result, you should increase the amount of disk space for quarantined files on the Virtual Appliance.
Quarantined files will be automatically deleted from a Virtual Appliance under the following circumstances:
Maximum file size to scan: Files exceeding this file size will not be scanned. (Setting a value of 0 means that there is no maximum size. All files will be scanned.)
Use multithreaded processing for Malware Scans (if available): Enables multithreaded processing on systems that support this capability. It only applies to Manual/Scheduled Scans, not to Real-Time Scanning.
Allowed Spyware/Grayware: Use this setting to maintain a list of allowed applications that have been identified as spyware/grayware by Deep Security.
Spyware/grayware can be added to the approved list in one of two ways. You can add it using an Anti-Malware Event where the application was detected or you can manually enter the name of the spyware/grayware.
To add spyware/grayware to the list of allowed spyware/grayware using an Anti-Malware Event:
If the application has already been detected by the scan engine, it may already have been quarantined or deleted, depending on your current spyware/grayware settings. If it has been quarantined, you will have to restore or reinstall the application. See Anti-Malware > Quarantined Files for information on restoring quarantined files. Alternatively, you can run a spyware/grayware scan with Action set to "Pass" mode so that all spyware/grayware detections are recorded on the Anti-Malware Events page but "passed" over and neither quarantined nor deleted. You can then add the selected spyware/grayware to the allowed list using this method and afterwards set Action back to "Quarantine" or "Delete" mode.
To manually add spyware/grayware to the list of allowed spyware/grayware:
Note the name of the application as it is displayed in the Anti-Malware Event log and add it manually to the Allowed Spyware/Grayware List.
Display local notifications when malware is detected: This setting determines whether the Deep Security Notifier (if it is installed locally on the computer) will display a pop-up notification that malware has been detected.
Scan Caching is used by the Virtual Appliance to maximize the efficiency of Malware and Integrity Monitoring Scans of virtual machines. For information on Scan Cache configurations, see Virtual Appliance Scan Caching.
Deep Security can apply NSX Security Tags to protected VMs upon detecting a malware threat. NSX Security Tags can be used with NSX Service Composer to automate certain tasks, such as quarantining infected VMs. Consult your VMware NSX documentation for more information on NSX Security Tags and dynamic NSX Security Group assignment.
You can choose to only apply the NSX Security Tag if the remediation action attempted by the Anti-Malware engine fails. (The remediation action is determined by the Malware Scan Configuration that is in effect. To see which Malware Scan Configuration is in effect, go to the Computer/Policy Editor > Anti-Malware > General tab and check the Real-Time Scan, Manual Scan, and Scheduled Scan areas.)
You can also choose to have the Security Tag removed if a subsequent Malware Scan does not detect any malware. You should only use this setting if all Malware Scans will be of the same kind.