Antivirus and Antimalware protection policy
The Antivirus and Antimalware protection policy is a security policy that protects your workloads with the built-in antivirus and antimalware solution.
For more information on the Antivirus and Antimalware protection functionality, refer to https://www.acronis.com/en-us/support/documentation/CyberProtectionService/index.html#44152
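The following example can be used when creating a protection plan with this protection policy. It is written as a Python dictionary (note the `#` comments and `True`/`False`), so it is not valid JSON as shown: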
Policy example
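# Example settings for an Antivirus and Antimalware protection policy, written
# as a Python dictionary literal. Fill in the placeholders ('id', 'parent_ids')
# before using it in a protection plan.
{
    # Put a unique ID of the policy here.
    'id': '',
    # Antivirus and Antimalware protection policy type is 'policy.security.antimalware_protection'
    'type': 'policy.security.antimalware_protection',
    'parent_ids': [
        # Put the ID of total protection policy here.
    ],
    'origin': 'upstream',
    'enabled': True,
    'settings_schema': '2.0',
    'settings': {
        # An object with Advanced Antimalware settings.
        'advanced_antimalware_protection': {
            # Set to True to enable Advanced Antimalware.
            'enabled': True
        },
        # An object with behavior engine settings.
        'behavior_engine_settings': {
            # An action that will be executed when the malicious process is found.
            # 'QUARANTINE_PROCESS' means that an alert will be generated, the process
            # will be stopped and its executable file will be moved to the quarantine folder.
            'action_on_detection': 'QUARANTINE_PROCESS',
            # Set to True to enable behavior engine.
            'enabled': True
        },
        # An object with exclusions. All lists are empty in this example.
        # NOTE(review): entries in 'trusted_processes' and
        # 'not_monitored_files_and_folders' presumably reduce what is monitored;
        # keep them as narrow as possible and review them periodically.
        'exclusions': {
            'backup_protection_whitelist': [],
            'blocked_files_and_folders': [],
            'blocked_processes': [],
            'not_monitored_files_and_folders': [],
            'trusted_processes': []
        },
        # An object with exploit prevention settings.
        'exploit_prevention_settings': {
            # An action that will be executed when the malicious process is found.
            # NOTE(review): 'STOP_PROCESS' presumably stops the process without
            # quarantining its executable (compare 'QUARANTINE_PROCESS' above) -
            # confirm against the product documentation.
            'action_on_detection': 'STOP_PROCESS',
            # Set to True to enable exploit prevention.
            'enabled': True,
            # A list of techniques that are used to identify the malicious process.
            'techniques': [
                'RETURN_ORIENTED_PROGRAMMING',
                'MEMORY',
                'CODE_INJECTION',
                'PRIVILEGE_ESCALATION'
            ]
        },
        # An object with real-time protection options.
        'on_access_scan_settings': {
            # An action to execute when malware is accessed.
            'action_on_detection': 'QUARANTINE',
            # Set to True to enable real-time protection.
            'enabled': True,
            # A scan mode. 'SMART_ON_ACCESS' means that all system activities are
            # monitored and files are automatically scanned when they are accessed
            # for reading or writing, or whenever a program is launched.
            'scan_mode': 'SMART_ON_ACCESS'
        },
        # A list of scheduled scan definitions. This example defines two scans:
        # a quick scan and a full scan.
        'on_demand_scans': [
            {
                # An action to execute if malware is found during the scan.
                'action_on_detection': 'QUARANTINE',
                # Set to True to disable the scan when the machine is running on battery power.
                'disable_schedule_on_battery_power': True,
                # Set to True to enable the scan.
                'enabled': True,
                # Set to True to scan only new and changed files.
                'scan_only_new_and_changed_files': True,
                # An object with the schedule settings.
                # Here: 14:15:00 with every weekday listed.
                'schedule': {
                    'activation': {
                        'action': 'run',
                        'timeout': {
                            'count': 3600,
                            'type': 'seconds'
                        }
                    },
                    'alarms': {
                        'time': {
                            'run_later': False,
                            'time_from': {
                                'hour': 14,
                                'minute': 15,
                                'second': 0
                            },
                            'wake_on_lan': False,
                            'weekdays': [
                                'mon',
                                'tue',
                                'wed',
                                'thu',
                                'fri',
                                'sat',
                                'sun'
                            ]
                        }
                    },
                    'conditions': {},
                    'prevent_sleep': True,
                    'type': 'daily'
                },
                # A type of scan. 'QUICK_SCAN' means that only system files are checked during the scan.
                'third_party_antivirus_scan_type': 'QUICK_SCAN'
            },
            {
                # An action to execute if malware is found during the scan.
                'action_on_detection': 'QUARANTINE',
                # Set to True to disable the scan when the machine is running on battery power.
                'disable_schedule_on_battery_power': True,
                # Set to True to enable the scan.
                'enabled': True,
                # An object with the archive scanning options.
                # NOTE(review): with these values only small archives fall within
                # the limits (100 KB, 10 files, one nesting level). How larger or
                # more deeply nested archives are handled is not shown here -
                # confirm, and size the limits for your environment.
                'scan_archive_files': {
                    # Maximum size of the archive to scan.
                    'max_archive_size': 100,
                    # A unit of size measurement.
                    'max_archive_size_unit': 'KB',
                    # Maximum number of files in the archive.
                    'max_number_of_files': 10,
                    # Specifies how many levels of embedded archives can be scanned.
                    'max_recursion_depth': 1
                },
                # Set to True to scan only new and changed files.
                'scan_only_new_and_changed_files': True,
                # An object with removable drives scanning settings.
                # All three are False here, so this full scan does not include
                # CDs/DVDs, mapped network drives or USB storage devices.
                'scan_removable_drives': {
                    # Set to True to allow scanning of CDs/DVDs.
                    'cd_dvd': False,
                    # Set to True to allow scanning of mapped network drives.
                    'network_drives': False,
                    # Set to True to allow scanning of USB storage devices.
                    'usb': False
                },
                # An object with the schedule settings.
                # Here: 16:00:00 with only Friday listed.
                # NOTE(review): 'type' is 'daily' while 'weekdays' contains only
                # 'fri', so this presumably runs once a week - confirm.
                'schedule': {
                    'activation': {
                        'action': 'run',
                        'timeout': {
                            'count': 3600,
                            'type': 'seconds'
                        }
                    },
                    'alarms': {
                        'time': {
                            'run_later': False,
                            'time_from': {
                                'hour': 16,
                                'minute': 0,
                                'second': 0
                            },
                            'wake_on_lan': False,
                            'weekdays': [
                                'fri'
                            ]
                        }
                    },
                    'conditions': {},
                    'prevent_sleep': True,
                    'type': 'daily'
                },
                # A type of scan. 'FULL_SCAN' means that all files are checked during the scan.
                'third_party_antivirus_scan_type': 'FULL_SCAN'
            }
        ],
        # A quarantine period in days.
        'quarantine_period': 30
    }
}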