Detect malicious behavior

If you use role-based administration:

  • You must have the Policy setting - anti-virus and HIPS right to perform this task.
  • You cannot edit a policy if it is applied outside your active sub-estate.

For more information, see Managing roles and sub-estates.

Malicious behavior detection is the dynamic analysis of all programs running on the computer to detect and block activity that is known to be malicious.

By default, malicious behavior detection is enabled.

To change the settings for detecting and reporting malicious behavior:

  1. Check which anti-virus and HIPS policy is used by the group or groups of computers you want to configure.
  2. In the Policies pane, double-click Anti-virus and HIPS.
  3. Double-click the policy you want to change.
    The Anti-Virus and HIPS policy dialog box is displayed.
  4. In the On-access scanning panel, make sure the Enable behavior monitoring check box is selected.
  5. Beside Enable behavior monitoring, click Configure.
  6. In the Configure Behavior Monitoring dialog box:
    • To alert the administrator and block malicious behavior, select the Detect malicious behavior check box.
    • To disable malicious behavior detection, clear the Detect malicious behavior check box.
      Note: If you disable malicious behavior detection, suspicious behavior detection will also be disabled. Malicious traffic detection will not be disabled.