Padvish Anti-Virus Configuration Instructions For Devices With Limited Resources

Problem

When installing antivirus on systems that are very old, or that are used for specific applications and face hardware resource constraints, you can customize the antivirus to use fewer resources by adjusting some settings and disabling some of its less useful features.

This document reviews some of the proposed settings and the impact of changing them, to help network admins/managers choose and run their preferred settings.

Examples of systems where you can use these instructions:

  1. Virtual Desktop Infrastructure (VDI)
  2. Thin Client
  3. ATM Machines
  4. Industrial Machines
  5. In-vitro systems
  6. Embedded systems
  7. Very old systems
  8. And so on

Solution 

These instructions are recommendations and describe the notes and consequences of changing each setting, so that network managers can make the right decision for their systems and networks. Hence, it is necessary to study the relevant notes before making any changes.

| Settings | Impact on Performance | Place of Impact | Security Impact |
|---|---|---|---|
| Lite mode settings | Effective | CPU/Disk | Low |
| System idle scanner settings | Effective in a certain situation | CPU | Low |
| Padvish DataCop backup settings | Effective | Disk | High |
| App control settings | Effective | CPU | Low |
| Cloud network connection settings | Low | Network | Medium |
| Device control settings | Low | | Low |
| Peripheral connection volume log settings | Low | Disk/Network | Low |
| Real-time protection settings | Effective | CPU/Disk | High |
| Anti-crypto Tamper Protection settings | Effective in a certain situation | Disk | High |
| Web control settings | Low | Network | Low |
| Firewall & IPS settings | Low | Network | Low |
| Reports setting | Effective in a certain situation | Disk/Network | Low |

 


Lite Mode

The simplest way to configure Padvish to reduce system load is to activate Lite Mode. This setting is intended for Virtual Desktop Infrastructure (VDI) in Padvish and changes the following:

  1. Disabling the installed software logging
  2. Disabling the system hardware logging (this will not affect Device Control)
  3. Disabling the collection of program data used for application control
  4. System idle scan will be disabled

Given the purpose of this option, further changes that reduce load may be introduced in the future and included in it. As a result, activating it lets you benefit from such improvements in future versions of Padvish.

Disabling setting impact

  • System software/hardware information will not be visible in the management console.
  • When defining App Control rules, software that is seen only on these systems is not visible. If you need it, you can add the program manually.
  • The idle scanner will not be active, so some malware may be detected later. Since this does not affect Real-Time Protection, malware is still detected as soon as it enters the system or attempts to enter. If you want to fix this problem, you can set a scheduled scan.

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Lite Mode > Enable Lite Mode

System Idle scanner settings

If the idle scanner is on (the default setting), Padvish uses system idle time to perform a light, behind-the-scenes scan to detect malware on the system. Note that this option is different from Real-Time Protection, which detects malware as soon as it enters or runs on the system; Real-Time Protection is not affected even if this option is disabled.

However, when new malware is added to the Padvish signature database, there may be a period before the malware is run again and detected by the system. The idle scanner tries to reduce this interval as much as possible without adding load for the user.

Note: The system idle scanner uses the interaction between the user and the system to detect idle time. Consequently, on devices such as ATMs with embedded systems, where there is effectively no user, the system is almost always assumed to be idle and a continuous scan (albeit with low priority and load) runs on the system.

Disabling setting impact

  • The idle scanner will not be active, so some malware may be detected later. Since this setting has no impact on Real-Time Protection, malware will still be detected as soon as it enters the system or attempts to enter. If you want to fix this problem, you can set a scheduled scan.

Setting path 

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Real-Time Protection > Scan Critical Areas During Idle Time
  • Padvish Antivirus > Settings > Protection > Real-Time Protection > Scan Critical Areas During Idle Time

Padvish DataCop Backup Setting

Padvish DataCop is an anti-ransomware component that backs up all of your system information daily (twice a day) and protects it against software/malware incidents. Besides creating a protective layer against ransomware, it serves as a permanent and handy backup of your data and can help you restore your data even if it was changed accidentally or removed unintentionally.

This backup is fast and compact: only 5% of the disk space is enough to keep several weeks of backups in normal use. However, some systems, depending on their application, hold no important data and do not need this mechanism. Additionally, the DataCop mechanism does not work on Windows XP; you need an operating system such as Vista or higher versions, as well as Windows Server, Server 2003, or higher versions.

Disabling this option can reduce the write load on the disk. Therefore, if you disable this option after using the antivirus for a while, you can remove all previous backups to further improve performance and make your system run lighter.

Disabling setting impacts

  • There will be no more daily backups (twice a day). As a result, the users will not be able to view previous versions of their files and you will have disabled one of the defense layers against ransomware attacks.

Setting path 

  • Padvish Management Console > Change Client Settings > Padvish Anticrypto > DataCop > Enable DataCop
  • Padvish Management Console > Settings > Protection > Anticrypto > DataCop > Enable DataCop

App Control setting

The app control component in Padvish allows the network manager to prevent users from running different software and thus apply the policies of their organization.

One of the App Control functions is to collect information from executable files and then apply the rules set by the admin to them. So, on systems that do not need this kind of protection, disabling this option can reduce the overhead on file execution.

Disabling setting impacts

  • Executable program data is not collected and App Control rules are not applied.

Setting path

  • Padvish Management Console > Change Client Settings > Application Control > Enable Application Control

Cloud Network Connection Setting (Cloud/CloudScanner)

Padvish Cloud Network detects new malware and prevents your system from being infected by monitoring your system's software activity in real time and checking its status against the cloud network servers. This network is divided into two main parts: monitoring (Padvish Cloud Network) and diagnostic (real-time cloud scan).

These two parts can be adjusted through two separate options. If the system is not connected to the internet, turning on these two options has no effect, and they can be disabled.

Disabling setting impact

  • Disabling the real-time cloud scanner will prevent current malware from being detected.
  • Disabling the Padvish cloud network will turn off the monitoring system and prevent certain malware on your system from being detected.

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Real Time Protection > Enable real-time cloud scan engine
  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Scanner > Enable real-time cloud scan engine
  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Padvish Cloud > Enable
  • Padvish Antivirus > Settings > Protection > Real Time Protection > Enable real time cloud scan engine
  • Padvish Antivirus > Settings > Protection > Scanner > Enable real time cloud scan engine
  • Padvish Antivirus > Settings > Network > Padvish Cloud > Enable

Device Control setting

Padvish Device Control gives you the basis to define policies for peripheral devices such as USB devices, mobiles, etc., so the admin can prevent unauthorized devices from being connected in their organization or log these events.

Device Control does not put a significant load on the system, and disabling it has no significant impact on system function, but you can turn it off if you do not need it.

Disabling setting impact

  • If Device Control is shut down, the Device Control policy is not applied.
  • Also, logging of Device connection and hardware changes is stopped.

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Device Control > Enable
  • Padvish Management Console > Change Client Settings > Padvish DLP > Device Control > Enable (v1.14+ Series)
  • Padvish Antivirus > Settings > Protection > Device Control > Enable
  • Padvish Antivirus > Settings > Protection > DLP > Device Control > Enable (v2.8+ Series)

Peripheral Connection Logging settings – Volume log

Volume logging is part of Padvish Device Control and allows the admin to be notified when storage media such as flash drives and CDs are connected and, if configured, to be informed of the transfer of files on the flash drive.

Because of the possible log volume, by default this setting logs only peripheral connections.

Disabling setting impact   

  • In case of shutting down, it will only log off the connection of new drives

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Device Control > Volume Log > Enable
  • Padvish Management Console > Change Client Settings > Padvish DLP > Volume Log > Enable (v1.14+ Series)
  • Padvish Antivirus > Settings > Protection > Device Control > Volume Log > Enable
  • Padvish Antivirus > Settings > Protection > DLP > Volume Log > Enable (v2.8+ Series)

Real-Time Protection

Real-time protection can be considered the most fundamental component of any antivirus: it prevents system infection as soon as malware is transmitted and before it is executed.

Real-time protection should be disabled only when absolutely necessary, as doing so can have a major impact on system security. As an alternative, you can exclude a file/folder by path so that scanning is not done in that particular path.

Disabling setting impact   

 

  • Turning real-time protection off completely prevents the system from detecting malware as soon as it enters. The antivirus can then provide only part of its protection, through idle and scheduled scanning.
  • In the case of exclusion by path, malware will not be detected if it is located in the corresponding path. In these cases, it is best to define exceptions only for real-time protection so that scheduled scans can still detect it.

 

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Real Time Protection > Enable
  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Exceptions > Add (by path)
  • Padvish Antivirus > Settings > Protection > Real Time Protection > Enable
  • Padvish Antivirus > Settings > Protection > Exceptions > Add (by path)

Anticrypto Tamper Protection settings

One of the main and most effective protection layers of Padvish AntiCrypto is data protection. This layer monitors file changes in the system and blocks the ransomware in the event of destructive or ransomware-like behavior.

Disabling AntiCrypto probably has no significant impact on system function in most cases, but in the absence of other options it can sometimes be used to reduce load on systems that are not at risk of ransomware or do not hold significant data.

 

Disabling setting impact  

  • Your system data will be vulnerable to ransomware.
  • In the case of a ransomware infection, other systems on the network (if they have a shared folder) may also be affected. Therefore, if you disable this setting on a system, make sure that shared folders on other network systems are not accessible from the unprotected system.

Setting path

  • Padvish Management Console > Change Client Settings > Padvish AntiCrypto > Tamper Protection > Tamper Protection Level
  • Padvish Antivirus > Settings > Protection > AntiCrypto > Tamper Protection > Tamper Protection Level

Web Control Setting

The Web Control component is responsible for checking the websites browsed by the client and preventing the system from connecting to unauthorized sites (according to the policy defined by the network manager).

Disabling this component has no significant impact on system function. You can disable it when there is no need to define policies or when there is no network connection.

 

Disabling setting impact   

  • Web control policies are not applied.

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Padvish Web Control > Enable
  • Padvish Antivirus > Settings > Network > Padvish Web Control > Enable

Firewall & IPS setting

Preventing attacks and exploits over the network is the main duty of the Padvish Intrusion Prevention System (IPS), and it should not be turned off if intrusion through the network is probable.

You can disable these two components if a system has no network connection at all. However, disabling these two components in this situation (without a network) has no significant impact on system function.

As an alternative solution, you can use exceptions for IPS (by authorizing the connection in firewall network rules).

 

Disabling setting impact   

  • There will be no protection against network attacks.

Setting path

  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Firewall and IPS > Firewall > Enable
  • Padvish Management Console > Change Client Settings > Padvish Antivirus > Firewall and IPS > Intrusion Prevention > Enable
  • Padvish Antivirus > Settings > Network > Firewall > Enable
  • Padvish Antivirus > Settings > Network > Intrusion Prevention > Enable

Reports setting

If your system is exposed to numerous attacks and you need to keep some components (such as IPS) enabled but without logging, you can disable only the relevant logging section.

In this case, no more time will be spent registering logs (and possibly sending them to the server).

 

Disabling setting impact

  • The protection does not change, but logs of attacks are not registered.

Setting path

  • Padvish Management Console > Change Client Settings > Reports
  • Padvish Antivirus > Settings > Reports & Notifications > Reports

 

 

 

 
