This guide presents best practices for configuring and managing Endpoint Central's Malware Protection module to ensure comprehensive security. By implementing these recommendations, organizations can enhance threat detection, minimize vulnerabilities, and maintain a robust IT environment.
To achieve the highest level of protection, the Detection Settings should be configured for maximum accuracy. The Ransomware Detection Engine, Deep-AV Engine, and Behavior Detection Engine must be set to preventive mode to proactively neutralize any malicious processes before they can inflict damage. Additionally, enabling On-DLL Load and On-Write settings for detection triggers ensures real-time scanning, facilitating immediate identification and mitigation of threats when files are accessed or modified.
Timely alerts are crucial for an effective security strategy. Admin notifications should be enabled and directed to the Security Operations Center (SOC) team or other frequently monitored email domains. This ensures that security personnel receive real-time threat alerts, allowing for swift and decisive action to mitigate risks before they escalate.
When an alert is triggered, the compromised machine must be immediately quarantined from the network to prevent the spread of malware. Effective quarantine and release procedures are essential for isolating infected devices while minimizing disruption to business operations. A proactive incident response strategy ensures that security threats are addressed without delay, reducing the risk of further compromise.
Each alert must be thoroughly investigated. If confirmed as a true positive, the malicious process should be terminated, and the system restored to its pre-malware state. If identified as a false positive, the process should be added to the exclusion list to prevent unnecessary future detections, streamlining security operations.
To maintain optimal system performance and adhere to security policies, Cleanup Policy settings should be configured to retain information about detected incidents for a maximum of 90 days. This ensures that organizations have access to recent security event logs for analysis while preventing unnecessary data accumulation.
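The alert-handling procedure above (notify the SOC, quarantine the host, investigate, then either terminate and restore for a true positive or add an exclusion for a false positive) together with the 90-day retention rule can be modelled as a small workflow. The following Python is an added illustration written for this guide; it is not Endpoint Central's own code or API, and the class, method names, sample alerts and SOC address are all constructed. One assumption beyond the text: an incident that is still open is never pruned by the cleanup, even if it is older than the retention window.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RETENTION_DAYS = 90  # the guide's maximum retention period for incident records


@dataclass
class Alert:
    """One detection raised by a protection engine (constructed structure)."""
    host: str
    process: str
    engine: str
    detected_at: datetime


@dataclass
class Incident:
    alert: Alert
    verdict: str = "open"            # open | true_positive | false_positive
    quarantined: bool = False
    actions: list = field(default_factory=list)


class TriageWorkflow:
    """Hypothetical model of the alert -> quarantine -> investigate -> close procedure."""

    def __init__(self, now: datetime):
        self.now = now
        self.exclusions: set[str] = set()        # processes confirmed as false positives
        self.quarantined_hosts: set[str] = set()
        self.incidents: list[Incident] = []
        self.notifications: list[tuple[str, str]] = []

    def receive_alert(self, alert: Alert, soc_email: str):
        # A process on the exclusion list no longer raises an incident.
        if alert.process in self.exclusions:
            return None
        # Real-time notification to the SOC mailbox, then immediate isolation.
        self.notifications.append(
            (soc_email, f"{alert.engine} alert on {alert.host}: {alert.process}"))
        self.quarantined_hosts.add(alert.host)
        incident = Incident(alert, quarantined=True, actions=["notified_soc", "quarantined"])
        self.incidents.append(incident)
        return incident

    def close_as_true_positive(self, incident: Incident) -> None:
        # Confirmed malware: terminate the process, restore the host, then release it.
        incident.verdict = "true_positive"
        incident.actions += ["terminated_process", "restored_host"]
        self._release(incident)

    def close_as_false_positive(self, incident: Incident) -> None:
        # Benign: add the process to the exclusion list so it is not re-detected.
        incident.verdict = "false_positive"
        self.exclusions.add(incident.alert.process)
        incident.actions.append("added_exclusion")
        self._release(incident)

    def _release(self, incident: Incident) -> None:
        self.quarantined_hosts.discard(incident.alert.host)
        incident.quarantined = False

    def cleanup(self) -> int:
        """Drop closed incident records older than RETENTION_DAYS; return how many were pruned."""
        cutoff = self.now - timedelta(days=RETENTION_DAYS)
        before = len(self.incidents)
        self.incidents = [i for i in self.incidents
                          if i.verdict == "open" or i.alert.detected_at >= cutoff]
        return before - len(self.incidents)


def run_demo():
    """Walk three constructed alerts through the workflow and return the end state."""
    now = datetime(2025, 1, 1)
    wf = TriageWorkflow(now)
    soc = "soc@example.com"  # constructed SOC mailbox
    a1 = Alert("ws-101", "C:\\Users\\a\\tmp\\enc.exe", "Ransomware Detection Engine", now - timedelta(days=1))
    a2 = Alert("ws-202", "C:\\Program Files\\Backup\\agent.exe", "Behavior Detection Engine", now - timedelta(days=2))
    a3 = Alert("ws-303", "C:\\Tools\\old.exe", "Deep-AV Engine", now - timedelta(days=120))
    i1 = wf.receive_alert(a1, soc)
    i2 = wf.receive_alert(a2, soc)
    i3 = wf.receive_alert(a3, soc)
    wf.close_as_true_positive(i1)
    wf.close_as_false_positive(i2)   # backup agent was benign
    wf.close_as_true_positive(i3)
    # The same backup agent firing again is suppressed by the exclusion list.
    suppressed = wf.receive_alert(Alert("ws-202", a2.process, "Behavior Detection Engine", now), soc)
    pruned = wf.cleanup()            # only the 120-day-old closed record is removed
    return wf, suppressed, pruned


if __name__ == "__main__":
    wf, suppressed, pruned = run_demo()
    print(f"incidents kept={len(wf.incidents)} pruned={pruned} suppressed={suppressed is None}")
    print(f"quarantined={sorted(wf.quarantined_hosts)} exclusions={sorted(wf.exclusions)}")
```

The point of keeping the exclusion list and the quarantine set as explicit state is that both are auditable: a reviewer can see exactly which processes are no longer scanned and confirm that no host remains isolated after its incident is closed.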
By adhering to these best practices, organizations can strengthen their malware protection strategies, enhance their incident response capabilities, and establish a resilient and secure endpoint environment.