Antivirus and Antimalware protection policy

The Antivirus and Antimalware protection policy is a security policy that protects your workloads with the built-in antivirus and antimalware solution. For more information on the Antivirus and Antimalware protection functionality, see the corresponding section of the Acronis Cyber Protection User Guide.

The following example, written as a Python dictionary literal (`#` comments, `True`/`False`), can be used when creating a protection plan with this protection policy:

Policy example

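  # NOTE: this listing is a Python dict literal ('#' comments, single quotes,
  # True/False), not strict JSON. If the request body has to be JSON, serialise
  # the dict with a JSON encoder instead of pasting it as-is.
  {
      # Put a unique ID of the policy here. The empty string is only a
      # placeholder and has to be replaced before the policy is used.
      'id': '',
      # Antivirus and Antimalware protection policy type is 'policy.security.antimalware_protection'
      'type': 'policy.security.antimalware_protection',
      'parent_ids': [
          # Put the ID of total protection policy here.
      ],
      'origin': 'upstream',
      'enabled': True,
      'settings_schema': '2.0',
      'settings': {
          # An object with Advanced Antimalware settings.
          'advanced_antimalware_protection': {
              # Set to True to enable Advanced Antimalware.
              'enabled': True
          },
          # An object with behavior engine settings.
          'behavior_engine_settings': {
              # An action that will be executed when the malicious process is found.
              # 'QUARANTINE_PROCESS' means that an alert will be generated, the process
              # will be stopped and its executable file will be moved to the quarantine folder.
              'action_on_detection': 'QUARANTINE_PROCESS',
              # Set to True to enable behavior engine.
              'enabled': True
          },
          # An object with exclusions. All lists are empty in this example.
          # NOTE(review): going by the key names, 'trusted_processes' and
          # 'not_monitored_files_and_folders' take items out of monitoring, so every
          # entry added there narrows coverage. Confirm the exact semantics in the
          # User Guide and keep entries as specific as possible.
          'exclusions': {
              'backup_protection_whitelist': [],
              'blocked_files_and_folders': [],
              'blocked_processes': [],
              'not_monitored_files_and_folders': [],
              'trusted_processes': []
          },
          # An object with exploit prevention settings.
          'exploit_prevention_settings': {
              # An action that will be executed when the malicious process is found.
              # NOTE(review): 'STOP_PROCESS' is not described on this page; unlike
              # 'QUARANTINE_PROCESS' above, the name does not suggest that the
              # executable is quarantined. Confirm in the User Guide.
              'action_on_detection': 'STOP_PROCESS',
              # Set to True to enable exploit prevention.
              'enabled': True,
              # A list of techniques that are used to identify the malicious process.
              'techniques': [
                  'RETURN_ORIENTED_PROGRAMMING',
                  'MEMORY',
                  'CODE_INJECTION',
                  'PRIVILEGE_ESCALATION'
              ]
          },
          # An object with real-time protection options.
          'on_access_scan_settings': {
              # An action to execute if a malware was accessed.
              'action_on_detection': 'QUARANTINE',
              # Set to True to enable real-time protection.
              'enabled': True,
              # A scan mode. 'SMART_ON_ACCESS' means that all system activities are
              # monitored and files are automatically scanned when they are accessed
              # for reading or writing, or whenever a program is launched.
              'scan_mode': 'SMART_ON_ACCESS'
          },
          # A list of scheduled scans (one object per scan). This example defines
          # two: a quick scan scheduled for every weekday listed at 14:15 and a
          # full scan scheduled for Fridays at 16:00.
          'on_demand_scans': [
              {
                  # An action to execute if a malware was found during scan.
                  'action_on_detection': 'QUARANTINE',
                  # Set to True to disable the scan when the machine is running on battery power.
                  # NOTE(review): 'run_later' is False in the schedule below; check whether a
                  # scan skipped on battery is made up later, since machines that are on
                  # battery at the scheduled time could otherwise go unscanned.
                  'disable_schedule_on_battery_power': True,
                  # Set to True to enable the scan.
                  'enabled': True,
                  # Set to True to scan only new and changed files.
                  'scan_only_new_and_changed_files': True,
                  # An object with the schedule settings.
                  'schedule': {
                      'activation': {
                          'action': 'run',
                          # presumably a 3600-second (one hour) limit on the run; confirm
                          'timeout': {
                              'count': 3600,
                              'type': 'seconds'
                          }
                      },
                      'alarms': {
                          'time': {
                              'run_later': False,
                              'time_from': {
                                  'hour': 14,
                                  'minute': 15,
                                  'second': 0
                              },
                              'wake_on_lan': False,
                              'weekdays': [
                                  'mon',
                                  'tue',
                                  'wed',
                                  'thu',
                                  'fri',
                                  'sat',
                                  'sun'
                              ]
                          }
                      },
                      'conditions': {},
                      'prevent_sleep': True,
                      'type': 'daily'
                  },
                  # A type of scan. 'QUICK_SCAN' means that only system files are checked during the scan.
                  'third_party_antivirus_scan_type': 'QUICK_SCAN'
              },
              {
                  # An action to execute if a malware was found during scan.
                  'action_on_detection': 'QUARANTINE',
                  # Set to True to disable the scan when the machine is running on battery power.
                  'disable_schedule_on_battery_power': True,
                  # Set to True to enable the scan.
                  'enabled': True,
                  # An object with the archive scanning options.
                  # NOTE(review): the limits below (100 KB, 10 files, 1 level) are small, and
                  # this page does not say what happens to archives that exceed them. Confirm
                  # the behaviour and size the limits for the archives you expect to see.
                  'scan_archive_files': {
                      # Maximum size of the archive to scan.
                      'max_archive_size': 100,
                      # A unit of size measurement.
                      'max_archive_size_unit': 'KB',
                      # Maximum number of files in the archive.
                      'max_number_of_files': 10,
                      # Specifies how many levels of embedded archives can be scanned.
                      'max_recursion_depth': 1
                  },
                  # Set to True to scan only new and changed files.
                  # NOTE(review): this is True together with 'FULL_SCAN' below; how the two
                  # settings combine is not stated on this page.
                  'scan_only_new_and_changed_files': True,
                  # An object with removable drives scanning settings. All three are False
                  # here, so this scan does not cover CDs/DVDs, mapped network drives or
                  # USB storage devices.
                  'scan_removable_drives': {
                      # Set to True to allow scanning of CDs/DVDs.
                      'cd_dvd': False,
                      # Set to True to allow scanning of mapped network drives.
                      'network_drives': False,
                      # Set to True to allow scanning of USB storage devices.
                      'usb': False
                  },
                  # An object with the schedule settings.
                  # 'type' is 'daily', but 'weekdays' lists only 'fri', so this scan is
                  # presumably run on Fridays only; confirm.
                  'schedule': {
                      'activation': {
                          'action': 'run',
                          'timeout': {
                              'count': 3600,
                              'type': 'seconds'
                          }
                      },
                      'alarms': {
                          'time': {
                              'run_later': False,
                              'time_from': {
                                  'hour': 16,
                                  'minute': 0,
                                  'second': 0
                              },
                              'wake_on_lan': False,
                              'weekdays': [
                                  'fri'
                              ]
                          }
                      },
                      'conditions': {},
                      'prevent_sleep': True,
                      'type': 'daily'
                  },
                  # A type of scan. 'FULL_SCAN' means that all files are checked during the scan.
                  'third_party_antivirus_scan_type': 'FULL_SCAN'
              }
          ],
          # A quarantine period in days. What happens to a quarantined file when
          # the period ends is not stated on this page.
          'quarantine_period': 30
      }
  }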