Advanced settings of Emsisoft endpoint protection | Emsisoft Anti-Malware Tutorial
We’re taking a look at Emsisoft Endpoint Protection’s advanced settings today.
Let’s get started by either clicking on settings here on the main tile window or settings here on the menu.
We’re taking a look at each of these: exclusions, notifications, updates, advanced permissions, and remote management settings.
Starting with the exclusions settings. There are two types: you can exclude files and folders from scanning, and you can exclude programs from monitoring.
Scanning exclusions are used to avoid detections by the on-demand scanner and the file guard.
A use case includes specialized business files that sometimes trigger scan heuristics. You can exclude the entire folder containing those files from scanning.
To do that, I’m just going to click here on “Add folder,” click okay, and the folder that I wanted to exclude will be added and listed right here.
You can click here at “environment variables” to see the list of supported variable extensions. And as you can see, wildcards are accepted, as well.
Monitoring exclusion is a completely different story. This can be used to exclude specific programs that behave similarly to malware and sometimes trigger alerts. It's also useful if you find incompatibilities with our protection components.
A use-case would be, let’s say, I run a proprietary business program all the time, and I don’t want Emsisoft to alert me and block the application every time I try to run it.
Just click on add program, select the file, click on open, and there you go. The affected program is now excluded, and it wouldn’t be touched by Emsisoft anymore.
Now, an important note; we recommend that you don’t exclude too much as it will weaken your device’s protection. In an ideal world, you want to keep an empty exclusion list.
In this case, once I am done using this program regularly, I’m going to remove it from the list. I just click on remove, click yes. It’s done.
Moving on to notification settings. Here you can configure, in detail, which things you want to be alerted for, such as software news, updates, and required restarts. You can also configure where you’d like the alert box to appear and how long you’d like it to stay.
Next are the update options. Always keep the automatic updates enabled. It’s critical for your security, as our team publishes new detection patterns every hour. We provide three different update feeds. There’s “Stable,” which is our default monthly release. “Beta,” which gives you access to brand new and untested features. And “Delayed,” which is usually only used in large enterprises where you’re required to test all new versions in-house before they’re deployed to the rest of the company.
By the way, you may have noticed these blue bars on the left side with a light grey background on some of my settings. It just means my device changed the settings from the group policy defaults in the management console.
Moving forward to Advanced settings. Make sure “protection on startup” is on. Otherwise, you’re not protected. “Self-protection” defends the software from unwanted shutdowns by malware. “Memory usage optimization” reduces the amount of RAM required but makes the overall software a bit slower. Only disable this if required. The other settings are mostly self-explanatory. To learn more about each one, just hover over a tooltip to get more information.
Now looking at permissions. By default, only members of the local administrators’ group can edit protection settings. All other users only have basic access. This means they can perform malware scans and see alerts but can’t make any changes to the settings. You may want to restrict access to the software settings in some situations, even for other administrators. Define an administrator password to lock the Emsisoft User Interface in those instances.
We strongly recommend always setting an admin password on unattended and always-on devices, like servers. If hackers manage to access the system, for example, by a brute-force attack to get the password or via unpatched, leaky software, they always disable the antivirus and anti-malware software first before installing their malware or ransomware. By having password protection against a shutdown, you can easily prevent that attack from happening.
Last but not least is remote management. We strongly recommend that you have all your devices remotely managed, no matter how many devices you have in your environment. This helps you streamline protection configuration and enables essential forensic logs if your computer gets damaged by malware. You can access your MyEmsisoft account by clicking on this link.
And that is all for a look at Emsisoft’s advanced settings, and I will see you in the next video.